Debian Security Information

DSA-197-1 courier -- buffer overflow

Date reported:
15 Nov 2002
Affected packages:
courier
Vulnerable:
Security database references:
In Mitre's CVE dictionary: CVE-2002-1311.
More information:

A problem has been found in the Courier sqwebmail package, a CGI program that provides access to local mailboxes. The program did not drop certain privileges quickly enough at startup, so under certain circumstances a local user could run the sqwebmail binary and read an arbitrary file on the local system.

This problem has been fixed in version 0.37.3-2.3 for the current stable distribution (woody) and in version 0.40.0-1 for the unstable distribution (sid). The previous stable distribution (potato) does not contain the sqwebmail package. In addition, the courier-ssl package is not affected by the problem, since it does not expose an sqwebmail package.

We recommend that you upgrade your sqwebmail packages immediately.
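The advisory does not show the fix itself. As an added illustration of the bug class it describes (this is not Courier's code, and the function name `drop_to_real_ids` is hypothetical), a set-uid or set-gid program can give up its elevated IDs as its very first action and confirm they cannot be regained:

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up elevated effective IDs and return to the real
 * (invoking) user. Supplementary groups are inherited from the invoker
 * and need no change here. Returns 0 on success, -1 if the privileges
 * could not be dropped or could be regained afterwards. */
int drop_to_real_ids(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the uid is dropped, changing the gid may no
     * longer be permitted. Setting both real and effective IDs also
     * overwrites the saved IDs, which makes the drop permanent. */
    if (setregid(rgid, rgid) != 0)
        return -1;
    if (setreuid(ruid, ruid) != 0)
        return -1;

    /* A real root caller can always change IDs; nothing to verify. */
    if (ruid == 0)
        return 0;

    /* Verify the drop is irreversible: regaining the old IDs must fail. */
    if (old_euid != ruid && (seteuid(old_euid) == 0 || geteuid() != ruid))
        return -1;
    if (old_egid != rgid && (setegid(old_egid) == 0 || getegid() != rgid))
        return -1;
    return 0;
}

int main(void)
{
    /* First statement of the program: no file, argument or environment
     * variable is examined while elevated IDs are still in effect. */
    if (drop_to_real_ids() != 0) {
        fprintf(stderr, "cannot drop privileges, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Checking every return value matters: a failed drop that is silently ignored leaves the rest of the program running with the elevated IDs.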

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.3.diff.gz
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.3.dsc
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.3_all.deb
Alpha:
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_alpha.deb
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_alpha.deb
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_alpha.deb
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_alpha.deb
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_alpha.deb
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.1_alpha.deb
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_alpha.deb
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_alpha.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_alpha.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_alpha.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_alpha.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_alpha.deb
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_alpha.deb
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_arm.deb
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_arm.deb
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_arm.deb
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_arm.deb
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_arm.deb
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_arm.deb
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_arm.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_arm.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_arm.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_arm.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_arm.deb
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_arm.deb
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_i386.deb
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_i386.deb
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_i386.deb
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_i386.deb
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_i386.deb
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_i386.deb
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_i386.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_i386.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_i386.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_i386.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_i386.deb
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_i386.deb
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_ia64.deb
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_ia64.deb
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_ia64.deb
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_ia64.deb
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_ia64.deb
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_ia64.deb
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_ia64.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_ia64.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_ia64.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_ia64.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_ia64.deb
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_ia64.deb
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_ia64.deb
HP Precision:
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_hppa.deb
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_hppa.deb
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_hppa.deb
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_hppa.deb
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_hppa.deb
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_hppa.deb
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_hppa.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_hppa.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_hppa.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_hppa.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_hppa.deb
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_hppa.deb
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_m68k.deb
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_m68k.deb
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_m68k.deb
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_m68k.deb
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_m68k.deb
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_m68k.deb
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_m68k.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_m68k.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_m68k.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_m68k.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_m68k.deb
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_m68k.deb
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_mips.deb
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_mips.deb
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_mips.deb
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_mips.deb
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_mips.deb
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_mips.deb
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_mips.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_mips.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_mips.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_mips.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_mips.deb
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_mips.deb
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_mipsel.deb
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_mipsel.deb
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_mipsel.deb
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_mipsel.deb
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_mipsel.deb
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_mipsel.deb
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_mipsel.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_mipsel.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_mipsel.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_mipsel.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_mipsel.deb
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_mipsel.deb
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_powerpc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_powerpc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_powerpc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_powerpc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_powerpc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_powerpc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_powerpc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_powerpc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_powerpc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_powerpc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_powerpc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_powerpc.deb
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_s390.deb
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_s390.deb
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_s390.deb
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_s390.deb
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_s390.deb
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_s390.deb
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_s390.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_s390.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_s390.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_s390.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_s390.deb
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_s390.deb
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_sparc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_sparc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_sparc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_sparc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_sparc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_sparc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_sparc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_sparc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_sparc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_sparc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_sparc.deb
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_sparc.deb
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_sparc.deb

MD5 checksums of the listed files are available in the original advisory.