[ GLSA 200403-06 ] Multiple remote buffer overflow vulnerabilities in Courier

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx, alerts@xxxxxxxxxxxxxxxxx
Subject: [ GLSA 200403-06 ] Multiple remote buffer overflow vulnerabilities in Courier
From: Kurt Lieber <klieber@xxxxxxxxxx>
Date: Mon, 29 Mar 2004 03:16:38 -0500
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.5.5.1i

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200403-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Multiple remote buffer overflow vulnerabilities in Courier
      Date: March 26, 2004
      Bugs: #45584
        ID: 200403-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Remote buffer overflow vulnerabilites have been found in Courier-IMAP
and Courier MTA. These exploits may allow the execution of abritrary
code, allowing unauthorized access to a vulnerable system.

Background
==========

Courier MTA is a multiprotocol mail server suite that provides webmail,
mailing lists, IMAP, and POP3 services. Courier-IMAP is a standalone
server that gives IMAP access to local mailboxes.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /   Vulnerable   /              Unaffected
    -------------------------------------------------------------------
     net-mail/courier-imap        < 3.0.0                     >= 3.0.0
     net-mail/courier             < 0.45                       >= 0.45

Description
===========

The vulnerabilities have been found in the 'SHIFT_JIS' converter in
'shiftjis.c' and 'ISO2022JP' converter in 'so2022jp.c'. An attacker may
supply Unicode characters that exceed BMP (Basic Multilingual Plane)
range, causing an overflow.

Impact
======

An attacker without privileges may exploit this vulnerability remotely,
allowing arbitrary code to be executed in order to gain unauthorized
access.

Workaround
==========

While a workaround is not currently known for this issue, all users are
advised to upgrade to the latest version of the affected packages.

Resolution
==========

All users should upgrade to the current version of the affected
packages:

    # emerge sync

    # emerge -pv ">=net-mail/courier-imap-3.0.0"
    # emerge ">=net-mail/courier-imap-3.0.0"

    # ** Or; depending on your installation... **

    # emerge -pv ">=net-mail/courier-0.45"
    # emerge ">=net-mail/courier-0.45"

References
==========

  [ 1 ] http://www.securityfocus.com/bid/9845
  [ 2 ] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0224

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@xxxxxxxxxx or alternatively, you may file a bug at
http://bugs.gentoo.org.

Attachment: pgpHsZj2qEcJs.pgp
Description: PGP signature

Prev by Date: [ GLSA 200403-05 ] UUDeview MIME Buffer Overflow
Next by Date: [RHSA-2004:134-01] Updated squid package fixes security vulnerability
Previous by thread: [ GLSA 200403-05 ] UUDeview MIME Buffer Overflow
Next by thread: [RHSA-2004:134-01] Updated squid package fixes security vulnerability
Index(es):
- Date
- Thread