GLSA 200408-19: courier-imap: Remote Format String Vulnerability

Severity:high
Title:courier-imap: Remote Format String Vulnerability
Date:08/19/2004
Bugs: #60865
ID:200408-19

Synopsis

There is a format string vulnerability in non-standard configurations of courier-imapd which may be exploited remotely. An attacker may be able to execute arbitrary code as the user running courier-imapd (oftentimes root).

Background

Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs.

Affected packages

Package Vulnerable Unaffected Architecture(s)
net-mail/courier-imap <= 3.0.2-r1 >= 3.0.5 All supported architectures

Description

There is a format string vulnerability in the auth_debug() function which can be exploited remotely, potentially leading to arbitrary code execution as the user running the IMAP daemon (oftentimes root). A remote attacker may send username or password information containing printf() format tokens (such as "%s"), which will crash the server or cause it to execute arbitrary code.

This vulnerability can only be exploited if DEBUG_LOGIN is set to something other than 0 in the imapd config file.

Impact

If DEBUG_LOGIN is enabled in the imapd configuration, a remote attacker may execute arbitrary code as the root user.

Workaround

Set the DEBUG_LOGIN option in /etc/courier-imap/imapd to 0. (This is the default value.)

Resolution

All courier-imap users should upgrade to the latest version:

    # emerge sync
    
    # emerge -pv ">=net-mail/courier-imap-3.0.5"
    # emerge ">=net-mail/courier-imap-3.0.5"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200408-19.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

Thank you!