-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1998.14: Buffer overflows in imapd

Topic: Buffer overflows in imapd
Advisory issue date: 24-July-1998

I. Problem Description

   The imap package has a variety of buffer overflow bugs. One of
   them allows remote users to acquire root privilege. Exploits for
   this problem are already available on the internet.

   The other buffer overflows can only be triggered by users having
   an account on the server machine, and cannot be used to acquire
   privileges, except on machines where there's an anonymous imap
   account.

II. Impact

   Description:

   Vulnerable Systems: OpenLinux 1.0, 1.1, & 1.2 systems using imapd
   packages prior to imap-4.1.BETA-5.

III. Solution

   Workaround: Do not use the IMAP services; remove the imap package.

   Correction: The proper solution is to upgrade to the xxx packages.

   Note that not all the bugs are fixed in this package and there
   will be another release when those bugs are fixed.
   imap-4.1-BETA-5 fixes the remote root problem. As soon as
   imap-4.2 becomes available, which is supposed to address the
   other buffer overflows, we will release another update for imap.

   They can be found on Caldera's FTP site at:

      ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/RPMS

   The corresponding source code can be found at:

      ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/SRPMS

   The MD5 checksums (from the "md5sum" command) for these packages
   are:

      6df741b4217f03bf773b54509a7d283a  RPMS/imap-4.1.BETA-5.i386.rpm
      d3526121c68b611524fc72746204d752  SRPMS/imap-4.1.BETA-5.src.rpm

   Upgrade with the following commands:

      rpm -q imap && rpm -U imap-4.1.BETA-5.i386.rpm

IV. References

   This and other Caldera security resources are located at:

      http://www.caldera.com/news/security/index.html

   Additional documentation on this problem can be found in:

      Message-ID: <19980619140902.14508@ns.lst.de>
      Date: Fri, 19 Jun 1998 14:09:02 +0200
      From: Olaf Kirch
      To: vendor-sec@lst.de
      Subject: [vendor-sec] Boring BOFs (Buffer OverFlows)

   This security fix relates to Caldera's internal Problem Report 4026.

V. PGP Signature

   This message was signed with the PGP key for security@caldera.com.

   This key can be obtained from:

      ftp://ftp.caldera.com/pub/pgp-keys/

   Or on an OpenLinux CDROM under:

      /OpenLinux/pgp-keys/

$Id: SA-1998.14.txt,v 1.3 1998/07/24 13:01:09 rf Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNbiFlen+9R4958LpAQFCNQP9E2OXqfDuAgnzP+kV5hbvrYYVrlxp5ld4
2F/lQDpkC9dCzXghpkXt7pRP8Eb8Vxs1Rxzf/0uH8A+LasEu9hFORvy6OaxZmCiT
Z532bkvvuYBfw099ifr/sRuXGC9a3+/58/EbCCd+gqNdzPHwnphYvLd5t+d5zK72
ziIjWxvAeyY=
=6oMF
-----END PGP SIGNATURE-----
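
The checksum and upgrade steps from section III, combined so that the package is installed only when its MD5 matches the value in the signed advisory. This is an added example, not part of Caldera's advisory; the function names (`expected_md5`, `verify_pkg`, `safe_upgrade`) are hypothetical, and it assumes `md5sum`, `awk` and `rpm` are on the PATH.

```shell
#!/bin/sh
# Added example (not from the advisory): gate "rpm -U" on the published MD5.

# Checksum lines copied from section III, in "md5sum" output format.
ADVISORY_SUMS='6df741b4217f03bf773b54509a7d283a  RPMS/imap-4.1.BETA-5.i386.rpm
d3526121c68b611524fc72746204d752  SRPMS/imap-4.1.BETA-5.src.rpm'

# expected_md5 NAME [SUMS]
# Print the hash listed for the entry whose basename is NAME (empty if none).
expected_md5() {
    printf '%s\n' "${2:-$ADVISORY_SUMS}" |
        awk -v want="$1" '{ n = split($2, p, "/")
                            if (p[n] == want) { print $1; exit } }'
}

# verify_pkg FILE [SUMS]
# Returns 0 if FILE matches its listed MD5, 1 on mismatch,
# 2 if FILE does not exist or is not listed at all.
verify_pkg() {
    file=$1
    [ -f "$file" ] || return 2
    want=$(expected_md5 "$(basename "$file")" "${2:-$ADVISORY_SUMS}")
    [ -n "$want" ] || return 2
    got=$(md5sum "$file" | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# safe_upgrade FILE
# Run the advisory's upgrade command only after the checksum has matched.
safe_upgrade() {
    if ! verify_pkg "$1"; then
        echo "checksum check failed for $1; not installing" >&2
        return 1
    fi
    # Same command as in the advisory: upgrade only if imap is installed.
    rpm -q imap && rpm -U "$1"
}

# Usage, after downloading the package from the FTP directory above:
#   safe_upgrade imap-4.1.BETA-5.i386.rpm
```

The checksums are only as trustworthy as the advisory text they were copied from, so check the PGP signature on the advisory before relying on them.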