pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/imap-uw Security fix for SA17062:
details: https://anonhg.NetBSD.org/pkgsrc/rev/e5391f0d8900
branches: trunk
changeset: 500299:e5391f0d8900
user: salo <salo%pkgsrc.org@localhost>
date: Wed Oct 05 15:49:44 2005 +0000
description:
Security fix for SA17062:
"A vulnerability in UW-imapd can be exploited by malicious users to
cause a DoS (Denial of Service) or compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the
"mail_valid_net_parse_work()" function when copying the user supplied
mailbox name to a stack buffer. This can be exploited to cause a
stack-based buffer overflow via a specially crafted mailbox name that
contains an single opening double-quote character, without the
corresponding closing double-quote.
Successful exploitation allows arbitrary code execution, but requires
valid credentials on the IMAP server."
http://secunia.com/advisories/17062/
www.idefense.com/application/poi/display?id=313&type=vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2933
Patch from 2004g.
diffstat:
mail/imap-uw/Makefile | 3 ++-
mail/imap-uw/buildlink3.mk | 4 ++--
mail/imap-uw/distinfo | 3 ++-
mail/imap-uw/patches/patch-an | 17 +++++++++++++++++
4 files changed, 23 insertions(+), 4 deletions(-)
diffs (70 lines):
diff -r 2064b9706ea4 -r e5391f0d8900 mail/imap-uw/Makefile
--- a/mail/imap-uw/Makefile Wed Oct 05 15:10:16 2005 +0000
+++ b/mail/imap-uw/Makefile Wed Oct 05 15:49:44 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.101 2005/10/05 13:29:51 wiz Exp $
+# $NetBSD: Makefile,v 1.102 2005/10/05 15:49:44 salo Exp $
#
# ATTENTION:
# The Kerberos support in this software is known to be problematic. If you
@@ -6,6 +6,7 @@
# but not running Kerberos before committing the changes.
DISTNAME= imap-2004e
+PKGREVISION= 1
PKGNAME= ${DISTNAME:S/-/-uw-/}
CATEGORIES= mail
MASTER_SITES= ftp://ftp.cac.washington.edu/imap/
diff -r 2064b9706ea4 -r e5391f0d8900 mail/imap-uw/buildlink3.mk
--- a/mail/imap-uw/buildlink3.mk Wed Oct 05 15:10:16 2005 +0000
+++ b/mail/imap-uw/buildlink3.mk Wed Oct 05 15:49:44 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.4 2004/10/03 00:12:53 tv Exp $
+# $NetBSD: buildlink3.mk,v 1.5 2005/10/05 15:49:44 salo Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
IMAP_UW_BUILDLINK3_MK:= ${IMAP_UW_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
.if !empty(IMAP_UW_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.imap-uw+= imap-uw>=2004
-BUILDLINK_RECOMMENDED.imap-uw+= imap-uw>=2004anb2
+BUILDLINK_RECOMMENDED.imap-uw+= imap-uw>=2004enb1
BUILDLINK_PKGSRCDIR.imap-uw?= ../../mail/imap-uw
#
# Make "-limapuw" resolve into "-lc-client".
diff -r 2064b9706ea4 -r e5391f0d8900 mail/imap-uw/distinfo
--- a/mail/imap-uw/distinfo Wed Oct 05 15:10:16 2005 +0000
+++ b/mail/imap-uw/distinfo Wed Oct 05 15:49:44 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2005/08/12 19:47:17 tv Exp $
+$NetBSD: distinfo,v 1.25 2005/10/05 15:49:44 salo Exp $
SHA1 (imap-2004e.tar.Z) = 3c5cf83489dd8ac4c2cfd43370fcec85db7bc372
RMD160 (imap-2004e.tar.Z) = 76c8596fe1a9a830bbd60fdafafb13f9bac42cd9
@@ -14,3 +14,4 @@
SHA1 (patch-ak) = c798b2aad17091526c667a552839cfe1ec0e23c9
SHA1 (patch-al) = b746d36cb324114468d07d1aba7d22c5bd5b23b2
SHA1 (patch-am) = 891de03bbc24de9eaf70d74c69b5b66d0b6b94b4
+SHA1 (patch-an) = f3c9e23406b5f6ae32ce51a81b1f2aab46d8394d
diff -r 2064b9706ea4 -r e5391f0d8900 mail/imap-uw/patches/patch-an
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/imap-uw/patches/patch-an Wed Oct 05 15:49:44 2005 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-an,v 1.1 2005/10/05 15:49:44 salo Exp $
+
+Security fix for CAN-2005-2933, from 2004g.
+
+--- src/c-client/mail.c.orig 2005-03-17 01:12:17.000000000 +0100
++++ src/c-client/mail.c 2005-10-05 17:37:13.000000000 +0200
+@@ -691,8 +691,10 @@
+ if (c == '=') { /* parse switches which take arguments */
+ if (*t == '"') { /* quoted string? */
+ for (v = arg,i = 0,++t; (c = *t++) != '"';) {
++ if (!c) return NIL; /* unterminated string */
+ /* quote next character */
+ if (c == '\\') c = *t++;
++ if (!c) return NIL; /* can't quote NUL either */
+ arg[i++] = c;
+ }
+ c = *t++; /* remember delimiter for later */
Home |
Main Index |
Thread Index |
Old Index