SA-1997.07.txt
c3f9b2439f13fd002b037a7c7b33414d9579c524e1e22594ceb2d4c15f59e9b6
-----BEGIN PGP SIGNED MESSAGE-----
Subject: Caldera Security Advisory 1997.07: Vulnerability in imap package
Caldera Security Advisory SA-1997.07
Original issue date: 6-July-1997
Last revised: 6-July-1997
Topic: Vulnerability in imap
I. Problem Description
The current version of Internet Message Access Protocol (IMAP)
supports both online and offline operation, permitting manipulation
of remote message folders. It provides access to multiple mailboxes
(possibly on multiple servers), and supports nested mailboxes as
well as resynchronization with the server. The current version
also provides a user with the ability to create, delete, and rename
mailboxes. Additional details concerning the functionality of IMAP
can be found in RFC 2060 (the IMAP4rev1 specification) available from
http://ds.internic.net/rfc/rfc2060.txt
The Post Office Protocol (POP) was designed to support offline
mail processing. That is, the client connects to the server to
download mail that the server is holding for the client. The mail
is deleted from the server and is handled offline (locally) on the
client machine.
In both protocols, the server must run with root privileges so
it can access mail folders and undertake some file manipulation
on behalf of the user logging in. After login, these privileges
are discarded. However, a vulnerability exists in the way the
login transaction is handled, and this can be exploited to gain
privileged access on the server. By preparing carefully crafted
text to a system running a vulnerable version of these servers,
remote users may be able to cause a buffer overflow and execute
arbitrary instructions with root privileges.
Information about this vulnerability has been widely distributed.
II. Impact
On systems such as Caldera OpenLinux 1.0 and 1.1, remote users
can obtain root access on systems running a vulnerable IMAP or
POP server. They do not need access to an account on the system
to do this.
III. Solution
Obtain the new imap-4.1.BETA-2.i386.rpm file and install according to
the instructions found in the README file which is one directory up
from the actual rpm file.
This package is located on Caldera's FTP server (ftp.caldera.com):
/pub/openlinux/updates/1.0/current/RPMS
/pub/openlinux/updates/1.1/current/RPMS (Both are the same)
The MD5 checksum (from the "md5sum" command) for this package is:
bc231b563148eda9179aacc40a9e313e imap-4.1.BETA-2.i386.rpm
Please follow the instructions from the README file precisely to
update any older version of imap that may be on your system:
IV. References / Credits
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/
This advisory is based on the security advisory CERT CA-97.09.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBM8A3LOn+9R4958LpAQFvhwP/T+1Q6gXpIbJxuip/bDlS0T86OXscCWyY
4Kxcivfyy3MLf85xz3VeevRELb4iwThXf16V1YSEydz+kiKUk+EWL8TqcstnBxCD
4ipOhl6KsOqBAsv2PVDh01E1WS6l4IqqxAMOXERO5wOiLJyynzdUZvHWgkAhrcZj
Xqfoy3/wcuQ=
=bBt2
-----END PGP SIGNATURE-----