Vulnerability Bulletins |
Ejecución remota de código en GNU Mailutils |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | GNU Mailutils 0.6 |
Description |
|
|
Se ha descubierto una vulnerabilidad de formateo de cadena en GNU Mailutils 0.6. La vulnerabilidad reside en "search.c" del servidor imap4d que no valida correctamente algunos parámetros. Un atacante remoto autenticado podría ejecutar comandos arbitrarios en el servidor IMAP mediante un comando SEARCH especialmente diseñado. |
|
Solution |
|
|
Actualización de software Debian Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1.dsc http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1.diff.gz http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/m/mailutils/mailutils-doc_0.6.1-4sarge1_all.deb Alpha http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_alpha.deb http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_alpha.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_alpha.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_alpha.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_alpha.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_alpha.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_alpha.deb AMD64 http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_amd64.deb http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_amd64.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_amd64.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_amd64.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_amd64.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_amd64.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_amd64.deb ARM http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_arm.deb http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_arm.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_arm.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_arm.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_arm.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_arm.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_i386.deb http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_i386.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_i386.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_i386.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_i386.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_i386.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_ia64.deb http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_ia64.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_ia64.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_ia64.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_ia64.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_ia64.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_ia64.deb HP Precision http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_hppa.deb http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_hppa.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_hppa.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_hppa.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_hppa.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_hppa.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_m68k.deb http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_m68k.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_m68k.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_m68k.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_m68k.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_m68k.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_mips.deb http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_mips.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_mips.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_mips.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_mips.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_mips.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_mipsel.deb http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_mipsel.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_mipsel.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_mipsel.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_mipsel.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_mipsel.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_powerpc.deb http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_powerpc.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_powerpc.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_powerpc.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_powerpc.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_powerpc.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_s390.deb http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_s390.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_s390.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_s390.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_s390.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_s390.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_sparc.deb http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_sparc.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_sparc.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_sparc.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_sparc.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_sparc.deb http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_sparc.deb |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2005-2878 |
| BID | |
Other resources |
|
|
Debian Security Advisory (DSA 841-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00235.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2005-10-07 |