cyrus-imapd-2.3.7-7AXS3.3
Errata ID: AXSA:2009-400:02
Release date:
2009/09/27 Sunday - 19:48
Title:
cyrus-imapd-2.3.7-7AXS3.3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The SIEVE script component used in cyrus-imapd contains a buffer overflow that allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script. (CVE-2009-2632)
- Multiple stack-based overflows exist in the Sieve plugin in Dovecot, allowing attackers to cause a denial of service (crash) or execute arbitrary code via a crafted SIEVE script. (CVE-2009-3235)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2009-3235
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
CVE-2009-2632
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
Additional information:
N/A
Downloads:
SRPMS
- cyrus-imapd-2.3.7-7AXS3.3.src.rpm
MD5: 8d3eba11caab4b83e1f2c4040ce4bed3
SHA-256: 974587338a7f98400568797f10d4b302fb1cce85a5bdc7bad712e6adafc1c20f
Size: 2.31 MB
Asianux Server 3 for x86
- cyrus-imapd-2.3.7-7AXS3.3.i386.rpm
MD5: 899039bd793f10f752c63e094eabade0
SHA-256: 459f2c987ffa9747b2144f7d2e8b766c4a5fd86e43a7a35cbc8fbd8a926d9540
Size: 12.51 MB
- cyrus-imapd-devel-2.3.7-7AXS3.3.i386.rpm
MD5: edafd022f34c4f991f040181db815158
SHA-256: c05101a17a910b4136fe2856a716a5635803da3e60fb63558d1d460032ff8958
Size: 302.03 kB
- cyrus-imapd-perl-2.3.7-7AXS3.3.i386.rpm
MD5: 70c7ecd02851d96e6cd72864f5e35a59
SHA-256: ef2e5c4f3e30fc99e521f99d3f89e29d2e40d57b42239c3e3470d52f0c4fbd6f
Size: 210.58 kB
- cyrus-imapd-utils-2.3.7-7AXS3.3.i386.rpm
MD5: 25c1acd4164c5eae88384d077f6e986e
SHA-256: a47ae8c7263e6e793e71f87eba4f1aeeb79a8cecba7fbf01bbf75ece949b5365
Size: 182.73 kB
Asianux Server 3 for x86_64
- cyrus-imapd-2.3.7-7AXS3.3.x86_64.rpm
MD5: 87b8ebc5cfd35e6e62856ca6ec1a22be
SHA-256: 0f9db800efbabfbfd1fae7cf30e8deed3f699567bbfc68ea4c3828dd0d5c8fa8
Size: 12.64 MB
- cyrus-imapd-devel-2.3.7-7AXS3.3.x86_64.rpm
MD5: 38cf8fb25577731858b41e70bebd878c
SHA-256: 782e7e527c5e844ec871e3603a22ac9e3d12ca5a3943a94bf11231920cb2f8d7
Size: 305.56 kB
- cyrus-imapd-perl-2.3.7-7AXS3.3.x86_64.rpm
MD5: 96355c3ee14a3073ce013618f8c170a8
SHA-256: ac73a35a929641d22e80d621acebbe0111acd38d17a50fab021dcf72c76a3bd9
Size: 210.63 kB
- cyrus-imapd-utils-2.3.7-7AXS3.3.x86_64.rpm
MD5: a7320105f880fa2f10499b583b76be75
SHA-256: 7d6889824a4c271f8b31680ace9078285fcc2c12557f8e5ef82d4fbc492c4855
Size: 186.19 kB