Bacheca Debian sulla sicurezza
DSA-197-1 courier -- overflow di un buffer
- Data della segnalazione:
- 15 nov 2002
- Pacchetti coinvolti:
- courier
- Vulnerabile:
- Sì
- Referenze all'interno del database della sicurezza:
- Nel dizionario CVE di Mitre: CVE-2002-1311.
- Maggiori informazioni:
-
È stato trovato un problema nel pacchetto Courier sqwebmail, un programma CGI che permette l'accesso alle caselle di posta locali. Il programma non abbandonava alcuni diritti sufficientemente in fretta alla partenza, tanto che in alcune circostanze un utente locale potrebbe lanciare l'eseguibile sqwebmail e leggere un qualsiasi file sul sistema locale.
Questo problema è stato risolto nella versione 0.37.3-2.3 per la attuale distribuzione stable (woody) e nella versione 0.40.0-1 per la distribuzione unstable (sid). La precedente versione stable (potato) non contiene il pacchetto sqwebmail. Inoltre il pacchetto
courier-ssl
non è affetto dal pèroblema poiché non espone un pacchetto sqwebmail.Suggeriamo di aggiornare i propri pacchetti sqwebmail immediatamente.
- Risolto in:
-
Debian GNU/Linux 3.0 (woody)
- Sorgente:
- http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.3.diff.gz
- http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.3.dsc
- http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz
- http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.3.dsc
- Componente indipendente dall'architettura:
- http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.3_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.1_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_alpha.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_arm.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_i386.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_ia64.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_ia64.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_hppa.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_m68k.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_mips.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_mipsel.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_powerpc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_s390.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_sparc.deb
- http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_sparc.deb
Somma di controllo MD5 per i file in elenco disponibile nella notizia originale.