Vulnerability Bulletins |
Remote code execution in GNU Mailutils |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Advanced |
Attacker requirements | Remote access with an account |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | GNU Mailutils 0.6 |
Description |
|
A format string vulnerability has been discovered in GNU Mailutils 0.6. The vulnerability resides in "search.c" of the imap4d server, which does not correctly validate some parameters. An authenticated remote attacker could execute arbitrary commands on the IMAP server by means of a specially crafted SEARCH command. |
|
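The bug class described above, shown as an added example that is not taken from the Mailutils source: a reply builder that keeps client-supplied SEARCH text out of the format argument, plus an audit helper that counts conversion specifications in such text. The function names and the reply wording are hypothetical, and the sample argument is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Count printf conversion specifications in s ("%%" is a literal percent).
 * Intended as an audit/logging check on client-supplied arguments. */
size_t count_conversions(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip the pair */
            s++;
            continue;
        }
        n++;                    /* '%' that printf would try to interpret */
    }
    return n;
}

/* Hypothetical reply builder for a rejected SEARCH key.
 * Vulnerable pattern (not used here): snprintf(out, n, arg);
 *   the client-controlled arg would be interpreted as the format string.
 * Hardened pattern: constant format, client data passed only as an argument.
 * Returns the reply length, or -1 on encoding error or truncation. */
int reply_bad_search(char *out, size_t n, const char *tag, const char *arg)
{
    int len = snprintf(out, n, "%s BAD SEARCH: unknown key \"%s\"\r\n", tag, arg);
    if (len < 0 || (size_t)len >= n)
        return -1;
    return len;
}

int main(void)
{
    char buf[128];
    const char *arg = "%x%x%n";   /* constructed sample argument */

    if (reply_bad_search(buf, sizeof buf, "a001", arg) > 0)
        printf("%zu conversion(s) in argument; reply: %s",
               count_conversions(arg), buf);
    return 0;
}
```

Building C code with `-Wformat -Wformat-security` makes GCC and Clang flag calls where a non-literal string is passed as the format with no further arguments.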
Solution |
|
Software update
Debian
Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1.dsc
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1.diff.gz
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1.orig.tar.gz
Architecture independent
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-doc_0.6.1-4sarge1_all.deb
Alpha
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_alpha.deb
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_alpha.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_alpha.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_alpha.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_alpha.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_alpha.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_amd64.deb
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_amd64.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_amd64.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_amd64.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_amd64.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_amd64.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_amd64.deb
ARM
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_arm.deb
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_arm.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_arm.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_arm.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_arm.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_arm.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_i386.deb
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_i386.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_i386.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_i386.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_i386.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_i386.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_ia64.deb
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_ia64.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_ia64.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_ia64.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_ia64.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_ia64.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_hppa.deb
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_hppa.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_hppa.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_hppa.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_hppa.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_hppa.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_m68k.deb
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_m68k.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_m68k.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_m68k.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_m68k.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_m68k.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_mips.deb
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_mips.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_mips.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_mips.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_mips.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_mips.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_s390.deb
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_s390.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_s390.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_s390.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_s390.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_s390.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_sparc.deb
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_sparc.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_sparc.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_sparc.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_sparc.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_sparc.deb
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_sparc.deb |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2005-2878 |
BID | |
Additional resources |
|
Debian Security Advisory (DSA 841-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00235.html |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2005-10-07 |