漏洞信息详情
Dovecot IMAP Server Mapped Pages Off-By-One缓冲区溢出漏洞
- CNNVD编号:CNNVD-200611-299 <!--
- 危害等级: 中危-->
- 危害等级: 中危
- CVE编号: CVE-2006-5973
- 漏洞类型: 缓冲区溢出
- 发布时间: 2006-11-20
- 威胁类型: 远程
- 更新时间: 2006-11-27
- 厂 商: timo_sirainen
- 漏洞来源: The vendor disclos...
-
漏洞简介
Dovecot中存在差一(off-by-one)缓冲区溢出,当系统使用了index文件并且mmap_disable设置为\"yes\"时,远程认证IMAP或者POP3用户可以通过涉及缓存文件的未明向量来发起拒绝服务攻击(崩溃)。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Dovecot Dovecot 1.0.RC10
Dovecot file-cache-buffer-overflow-fix.diff
http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff
Dovecot dovecot-1.0.rc15.tar.gz
http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz
Dovecot Dovecot 1.0 beta8
Dovecot file-cache-buffer-overflow-fix.diff
http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff
Dovecot dovecot-1.0.rc15.tar.gz
http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz
Dovecot Dovecot 1.0.RC11
Dovecot file-cache-buffer-overflow-fix.diff
http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff
Dovecot dovecot-1.0.rc15.tar.gz
http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz
Dovecot Dovecot 1.0.RC4
Dovecot file-cache-buffer-overflow-fix.diff
http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff
Dovecot dovecot-1.0.rc15.tar.gz
http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz
Dovecot Dovecot 1.0.RC5
Dovecot file-cache-buffer-overflow-fix.diff
http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff
Dovecot dovecot-1.0.rc15.tar.gz
http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz
Dovecot Dovecot 1.0.RC8
Dovecot file-cache-buffer-overflow-fix.diff
http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff
Dovecot dovecot-1.0.rc15.tar.gz
http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz
Dovecot Dovecot 1.0.beta2
Dovecot file-cache-buffer-overflow-fix.diff
http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff
Dovecot dovecot-1.0.rc15.tar.gz
http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz
Dovecot Dovecot 1.0.RC13
Dovecot file-cache-buffer-overflow-fix.diff
http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff
Dovecot dovecot-1.0.rc15.tar.gz
http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz
Dovecot Dovecot 1.0
Dovecot file-cache-buffer-overflow-fix.diff
http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff
Dovecot dovecot-1.0.rc15.tar.gz
http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz
RedHat Fedora Core5
RedHat dovecot-1.0-0.beta8.3.fc5.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
RedHat dovecot-1.0-0.beta8.3.fc5.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
RedHat dovecot-1.0-0.beta8.3.fc5.src.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
RedHat dovecot-1.0-0.beta8.3.fc5.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
RedHat dovecot-debuginfo-1.0-0.beta8.3.fc5.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
RedHat dovecot-debuginfo-1.0-0.beta8.3.fc5.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
RedHat dovecot-debuginfo-1.0-0.beta8.3.fc5.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
Dovecot Dovecot 1.0.RC14
Dovecot file-cache-buffer-overflow-fix.diff
http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff
Dovecot dovecot-1.0.rc15.tar.gz
http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz
Dovecot Dovecot 1.0.RC2
Dovecot file-cache-buffer-overflow-fix.diff
http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff
Dovecot dovecot-1.0.rc15.tar.gz
http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz
Ubuntu dovecot-common_1.0.beta3-3ubuntu5.4_amd64.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1 .0.beta3-3ubuntu5.4_amd64.deb
Ubuntu dovecot-common_1.0.beta3-3ubuntu5.4_i386.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1 .0.beta3-3ubuntu5.4_i386.deb
Ubuntu dovecot-common_1.0.beta3-3ubuntu5.4_powerpc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1 .0.beta3-3ubuntu5.4_powerpc.deb
Ubuntu dovecot-common_1.0.beta3-3ubuntu5.4_sparc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool
参考网址
来源: MLIST
名称: [Dovecot-news] 20091119 1.0.rc15 released
链接:http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html
来源: XF
名称: dovecot-indexcache-bo(30433)
链接:http://xforce.iss.net/xforce/xfdb/30433
来源: BID
名称: 21183
链接:http://www.securityfocus.com/bid/21183/info
来源: BUGTRAQ
名称: 20061119 Dovecot IMAP/POP3 server: Off-by-one buffer overflow
链接:http://www.securityfocus.com/archive/1/archive/1/452081/100/0/threaded
来源: VUPEN
名称: ADV-2006-4614
链接:http://www.frsirt.com/english/advisories/2006/4614
来源: SECUNIA
名称: 23007
链接:http://secunia.com/advisories/23007
来源:issues.rpath.com
链接:https://issues.rpath.com/browse/RPL-802
来源: UBUNTU
名称: USN-387-1
链接:http://www.ubuntu.com/usn/usn-387-1
来源: SUSE
名称: SUSE-SA:2006:073
链接:http://www.novell.com/linux/security/advisories/2006_73_mono.html
来源: SECTRACK
名称: 1017288
链接:http://securitytracker.com/id?1017288
来源: SECUNIA
名称: 23213
链接:http://secunia.com/advisories/23213
来源: SECUNIA
名称: 23172
链接:http://secunia.com/advisories/23172
来源: SECUNIA
名称: 23150
链接:http://secunia.com/advisories/23150
来源: MLIST
名称: [Dovecot-news] 20061119 Security hole #2: Off-by-one buffer overflow with mmap_disable=yes
链接:http://dovecot.org/list/dovecot-news/2006-November/000023.html
受影响实体
- Timo_sirainen Dovecot:1.0.Test80<!--2000-1-1-->
- Timo_sirainen Dovecot:1.0.Test79<!--2000-1-1-->
- Timo_sirainen Dovecot:1.0.Test72<!--2000-1-1-->
- Timo_sirainen Dovecot:1.0.Test73<!--2000-1-1-->
- Timo_sirainen Dovecot:1.0.Test74<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...