|
Family: Ubuntu Local Security Checks --> Category: infos
USN37-1 : cyrus21-imapd vulnerability Vulnerability Scan
Vulnerability Scan Summary cyrus21-imapd vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- cyrus21-admin
- cyrus21-clients
- cyrus21-common
- cyrus21-dev
- cyrus21-doc
- cyrus21-imapd
- cyrus21-murder
- cyrus21-pop3d
- libcyrus-imap-perl21
Description :
Recently another buffer overflow has been discovered in the SASL
authentication module of the Cyrus IMAP server. An off-by-one
comparison error in the mysasl_canon_user() function could lead to a
missing termination of an user name string.
This vulnerability could allow remote, attacker-supplied machine code
to be executed in the context of the affected server process. Since
the IMAP server usually runs as unprivileged user 'cyrus', there is no
possibility of root privilege escalation.
Solution :
Upgrade to :
- cyrus21-admin-2.1.16-6ubuntu0.2 (Ubuntu 4.10)
- cyrus21-clients-2.1.16-6ubuntu0.2 (Ubuntu 4.10)
- cyrus21-common-2.1.16-6ubuntu0.2 (Ubuntu 4.10)
- cyrus21-dev-2.1.16-6ubuntu0.2 (Ubuntu 4.10)
- cyrus21-doc-2.1.16-6ubuntu0.2 (Ubuntu 4.10)
- cyrus21-imapd-2.1.16-6ubuntu0.2 (Ubuntu 4.10)
- cyrus21-murder-2.1.16-6ubuntu0.2 (Ubuntu 4.10)
- cyrus21-pop3d-2.1.16-6ubuntu0.2 (Ubuntu 4.10)
- libcyrus-imap-perl21-2.1.16-6ubuntu0.2 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|