
SA-1997.07.txt

Posted Sep 23, 1999


SHA-256 | c3f9b2439f13fd002b037a7c7b33414d9579c524e1e22594ceb2d4c15f59e9b6


Subject: Caldera Security Advisory 1997.07: Vulnerability in imap package

Caldera Security Advisory SA-1997.07
Original issue date: 6-July-1997
Last revised: 6-July-1997

Topic: Vulnerability in imap

I. Problem Description

The current version of Internet Message Access Protocol (IMAP)
supports both online and offline operation, permitting manipulation
of remote message folders. It provides access to multiple mailboxes
(possibly on multiple servers), and supports nested mailboxes as
well as resynchronization with the server. The current version
also provides a user with the ability to create, delete, and rename
mailboxes. Additional details concerning the functionality of IMAP
can be found in RFC 2060 (the IMAP4rev1 specification) available from

http://ds.internic.net/rfc/rfc2060.txt

The Post Office Protocol (POP) was designed to support offline
mail processing. That is, the client connects to the server to
download mail that the server is holding for the client. The mail
is deleted from the server and is handled offline (locally) on the
client machine.

In both protocols, the server must run with root privileges so
it can access mail folders and undertake some file manipulation
on behalf of the user logging in. After login, these privileges
are discarded. However, a vulnerability exists in the way the
login transaction is handled, and this can be exploited to gain
privileged access on the server. By sending carefully crafted
text to a system running a vulnerable version of these servers,
remote users may be able to cause a buffer overflow and execute
arbitrary instructions with root privileges.

Information about this vulnerability has been widely distributed.
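
The overflow class described above, seen from the defensive side. This is an added example, not code from the advisory or from the imap package: an untrusted login line is split into fixed-size buffers, and any token that would not fit is rejected before it is copied. The function names, buffer sizes, and the simplified space-separated line format (no quoted strings or literals, upper-case command only) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USER 64   /* assumed limits, not taken from the imap package */
#define MAX_PASS 64

/* Hypothetical helper: copy one space-delimited token from *p into dst
 * (capacity cap, including the NUL). Returns 0 on success, -1 if the token
 * is empty or would not fit. Nothing is written past dst[cap-1]. */
static int take_token(const char **p, char *dst, size_t cap)
{
    size_t n = strcspn(*p, " \r\n");
    if (n == 0 || n >= cap)
        return -1;            /* reject rather than truncate or overflow */
    memcpy(dst, *p, n);
    dst[n] = '\0';
    *p += n;
    while (**p == ' ')        /* skip the separator before the next token */
        (*p)++;
    return 0;
}

/* Parse "<tag> LOGIN <user> <pass>" from an untrusted line.
 * Returns 0 and fills user/pass on success, -1 on malformed or
 * oversized input. */
int parse_login(const char *line, char user[MAX_USER], char pass[MAX_PASS])
{
    char tag[16], cmd[8];
    const char *p = line;

    if (take_token(&p, tag, sizeof tag) != 0) return -1;
    if (take_token(&p, cmd, sizeof cmd) != 0) return -1;
    if (strcmp(cmd, "LOGIN") != 0) return -1;
    if (take_token(&p, user, MAX_USER) != 0) return -1;
    if (take_token(&p, pass, MAX_PASS) != 0) return -1;
    return (*p == '\0' || *p == '\r' || *p == '\n') ? 0 : -1;
}

int main(void)
{
    char user[MAX_USER], pass[MAX_PASS], big[4096];
    /* Constructed inputs: a normal login, then an oversized user name. */
    printf("%d\n", parse_login("a001 LOGIN alice s3cret\r\n", user, pass));
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, "a002 LOGIN ", 11);
    printf("%d\n", parse_login(big, user, pass));
    return 0;
}
```

Because this parsing happens before the server discards root privileges, every length check in it has to fail closed.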

II. Impact

On systems such as Caldera OpenLinux 1.0 and 1.1, remote users
can obtain root access on systems running a vulnerable IMAP or
POP server. They do not need access to an account on the system
to do this.

III. Solution

Obtain the new imap-4.1.BETA-2.i386.rpm file and install it according to
the instructions found in the README file, which is one directory up
from the rpm file.

This package is located on Caldera's FTP server (ftp.caldera.com):

/pub/openlinux/updates/1.0/current/RPMS
/pub/openlinux/updates/1.1/current/RPMS (Both are the same)

The MD5 checksum (from the "md5sum" command) for this package is:
bc231b563148eda9179aacc40a9e313e imap-4.1.BETA-2.i386.rpm

Please follow the instructions from the README file precisely to
update any older version of imap that may be on your system:


IV. References / Credits

This and other Caldera security resources are located at:

http://www.caldera.com/tech-ref/security/

This advisory is based on the security advisory CERT CA-97.09.
