Debian Bug report logs -
#510918
CVE-2008-5514: Off-by-one error
Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>
Date: Mon, 5 Jan 2009 23:09:01 UTC
Severity: grave
Tags: patch, security
Found in version 8:2007b~dfsg-1
Fixed in versions 7:2007b~dfsg-4+lenny3, uw-imap/8:2007b~dfsg-1.1
Done: Nico Golde <nion@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Jonas Smedegaard <dr@jones.dk>
:
Bug#510918
; Package uw-imap
.
(Mon, 05 Jan 2009 23:09:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Steffen Joeris <steffen.joeris@skolelinux.de>
:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Jonas Smedegaard <dr@jones.dk>
.
(Mon, 05 Jan 2009 23:09:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: uw-imap
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for uw-imap.
CVE-2008-5514[0]:
| Off-by-one error in the rfc822_output_char function in the
| RFC822BUFFER routines in the University of Washington (UW) c-client
| library, as used by the UW IMAP toolkit before imap-2007e and other
| applications, allows context-dependent attackers to cause a denial of
| service (crash) via an e-mail message that triggers a buffer overflow.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
The issue has been fixed in lenny already via the latest DTSA. The patch
just needs to be applied for sid.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5514
http://security-tracker.debian.net/tracker/CVE-2008-5514
Bug marked as found in version 8:2007b~dfsg-1.
Request was from Steffen Joeris <white@debian.org>
to control@bugs.debian.org
.
(Mon, 05 Jan 2009 23:15:04 GMT) (full text, mbox, link).
Bug marked as fixed in version 7:2007b~dfsg-4+lenny3.
Request was from Steffen Joeris <white@debian.org>
to control@bugs.debian.org
.
(Mon, 05 Jan 2009 23:15:06 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>
:
Bug#510918
; Package uw-imap
.
(Thu, 15 Jan 2009 18:12:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Nico Golde <nion@debian.org>
:
Extra info received and forwarded to list. Copy sent to Jonas Smedegaard <dr@jones.dk>
.
(Thu, 15 Jan 2009 18:12:02 GMT) (full text, mbox, link).
Message #14 received at 510918@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
attached is a patch for a 0-day NMU that fixes this issue.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[uw-imap-2007b~dfsg-1_2007b~dfsg-1.1.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]
Reply sent
to Nico Golde <nion@debian.org>
:
You have taken responsibility.
(Thu, 15 Jan 2009 18:39:08 GMT) (full text, mbox, link).
Notification sent
to Steffen Joeris <steffen.joeris@skolelinux.de>
:
Bug acknowledged by developer.
(Thu, 15 Jan 2009 18:39:08 GMT) (full text, mbox, link).
Message #19 received at 510918-close@bugs.debian.org (full text, mbox, reply):
Source: uw-imap
Source-Version: 8:2007b~dfsg-1.1
We believe that the bug you reported is fixed in the latest version of
uw-imap, which is due to be installed in the Debian FTP archive:
ipopd_2007b~dfsg-1.1_amd64.deb
to pool/main/u/uw-imap/ipopd_2007b~dfsg-1.1_amd64.deb
libc-client2007b-dev_2007b~dfsg-1.1_amd64.deb
to pool/main/u/uw-imap/libc-client2007b-dev_2007b~dfsg-1.1_amd64.deb
libc-client2007b_2007b~dfsg-1.1_amd64.deb
to pool/main/u/uw-imap/libc-client2007b_2007b~dfsg-1.1_amd64.deb
mlock_2007b~dfsg-1.1_amd64.deb
to pool/main/u/uw-imap/mlock_2007b~dfsg-1.1_amd64.deb
uw-imap_2007b~dfsg-1.1.diff.gz
to pool/main/u/uw-imap/uw-imap_2007b~dfsg-1.1.diff.gz
uw-imap_2007b~dfsg-1.1.dsc
to pool/main/u/uw-imap/uw-imap_2007b~dfsg-1.1.dsc
uw-imapd_2007b~dfsg-1.1_amd64.deb
to pool/main/u/uw-imap/uw-imapd_2007b~dfsg-1.1_amd64.deb
uw-mailutils_2007b~dfsg-1.1_amd64.deb
to pool/main/u/uw-imap/uw-mailutils_2007b~dfsg-1.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 510918@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated uw-imap package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 15 Jan 2009 19:00:01 +0100
Source: uw-imap
Binary: uw-imapd ipopd libc-client2007b-dev libc-client2007b mlock uw-mailutils
Architecture: source amd64
Version: 8:2007b~dfsg-1.1
Distribution: unstable
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Nico Golde <nion@debian.org>
Description:
ipopd - POP2 and POP3 mail server
libc-client2007b - c-client library for mail protocols - library files
libc-client2007b-dev - c-client library for mail protocols - development files
mlock - mailbox locking program
uw-imapd - remote mail folder access server using IMAP4rev1
uw-mailutils - c-client support programs
Closes: 510918
Changes:
uw-imap (8:2007b~dfsg-1.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix denial of service vulnerability because of rfc822_output_char() not
checking for a full buffer and writing one byte ahead the buffer, later
resulting in memcpy getting called with a possible size argument of -1
(0003_CVE-2008-5514.patch; Closes: #510918)
Checksums-Sha1:
3898813b9a7d6f986d550d56cd1263764e3ec1a9 1404 uw-imap_2007b~dfsg-1.1.dsc
43abc2c2e82fba4cf441076e393735aa6c9ba4f9 103450 uw-imap_2007b~dfsg-1.1.diff.gz
df0446552ab6120f10443da0c7ad014c207cbbe6 93488 uw-imapd_2007b~dfsg-1.1_amd64.deb
8cd348194299e5cce0d9f2d4cb9c6d1254115e8e 54784 ipopd_2007b~dfsg-1.1_amd64.deb
1d1b22176f646df2c4396bf18d06e14a48833db9 738120 libc-client2007b-dev_2007b~dfsg-1.1_amd64.deb
1d2a6c139ba35ac783721110fb1bc793d4b107d9 772222 libc-client2007b_2007b~dfsg-1.1_amd64.deb
3b722f0bfe5658243442b70f61530fce836e1b4c 31178 mlock_2007b~dfsg-1.1_amd64.deb
21865899b8ab9f475090fcc789c15937678825a1 59774 uw-mailutils_2007b~dfsg-1.1_amd64.deb
Checksums-Sha256:
5a8247e8b84c2702d00f4d9d6a673fc7bc5d6ba531c48344396e5abdadb4cd85 1404 uw-imap_2007b~dfsg-1.1.dsc
de5b0ce8a7ec34db0b56f5758625e79169632dd08523b218dddd4d7debc36184 103450 uw-imap_2007b~dfsg-1.1.diff.gz
e9c2d75b0ce264259c3df92a84260da6dbd3f71dfb70d5ac4542aed47e61a7fb 93488 uw-imapd_2007b~dfsg-1.1_amd64.deb
4149fa6ce0750275888a3da345c98de557a81c7415262c6adfa6d1cc727b7648 54784 ipopd_2007b~dfsg-1.1_amd64.deb
769e5a277fc64fb719c0be7c9459bd7186ff7ec3d6b2958d5b8689f941b7952b 738120 libc-client2007b-dev_2007b~dfsg-1.1_amd64.deb
e89cdab2d17edf11b7859f5824f93454b381bc693463db11600b4f26b553dec2 772222 libc-client2007b_2007b~dfsg-1.1_amd64.deb
56562d117eeeb6d911b086e0c4dfe41a720bdcd94bd6434603f7db357d3c25a4 31178 mlock_2007b~dfsg-1.1_amd64.deb
e77d80e6e51ec4effac82c5880be7e32457bdd5bc9ff7b106828833b1ee4126f 59774 uw-mailutils_2007b~dfsg-1.1_amd64.deb
Files:
c3f3e7aea719032f76403a34e853a769 1404 mail optional uw-imap_2007b~dfsg-1.1.dsc
b52edf46ef70df81ee71f75190275c11 103450 mail optional uw-imap_2007b~dfsg-1.1.diff.gz
426a09490296ececdd273942706f2fd1 93488 mail optional uw-imapd_2007b~dfsg-1.1_amd64.deb
1c978610e49fa46f416abe3972e714e5 54784 mail optional ipopd_2007b~dfsg-1.1_amd64.deb
3c4b9958f4c903bc31ab3ffd33af1be6 738120 libdevel optional libc-client2007b-dev_2007b~dfsg-1.1_amd64.deb
7aed84d35f219118a276fb2caa042e3a 772222 libs optional libc-client2007b_2007b~dfsg-1.1_amd64.deb
6ce891400fd2d1fece8e05f2bdbf1344 31178 mail optional mlock_2007b~dfsg-1.1_amd64.deb
baa2a40b146bf2176722e7681fbfad3b 59774 mail optional uw-mailutils_2007b~dfsg-1.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAklve8kACgkQHYflSXNkfP98dgCfX11x8y5y2rqmatyQdmRiLHhj
qHAAoKr5aAC5Xyys3dc6npR4y/DzyTuZ
=XbVw
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Fri, 13 Feb 2009 07:27:17 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:43:16 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.