|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200408-19] courier-imap: Remote Format String Vulnerability Vulnerability Scan
Vulnerability Scan Summary courier-imap: Remote Format String Vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200408-19
(courier-imap: Remote Format String Vulnerability)
There is a format string vulnerability in the auth_debug() function which
can be exploited remotely, potentially leading to arbitrary code execution
as the user running the IMAP daemon (oftentimes root). A remote attacker
may send username or password information containing printf() format tokens
(such as "%s"), which will crash the server or cause it to
execute arbitrary code.
This vulnerability can only be exploited if DEBUG_LOGIN is set to something
other than 0 in the imapd config file.
Impact
If DEBUG_LOGIN is enabled in the imapd configuration, a remote attacker may
execute arbitrary code as the root user.
Workaround
Set the DEBUG_LOGIN option in /etc/courier-imap/imapd to 0. (This is the
default value.)
References:
http://www.idefense.com/application/poi/display?id=131&type=vulnerabilities&flashstatus=true
Solution:
All courier-imap users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=net-mail/courier-imap-3.0.5"
# emerge ">=net-mail/courier-imap-3.0.5"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|