漏洞信息详情

Dovecot IMAP Server Mapped Pages Off-By-One缓冲区溢出漏洞

  • CNNVD编号:CNNVD-200611-299
  • 危害等级: 中危
  • CVE编号: CVE-2006-5973
  • 漏洞类型: 缓冲区溢出
  • 发布时间: 2006-11-20
  • 威胁类型: 远程
  • 更新时间: 2006-11-27
  • 厂        商: Timo_sirainen
  • 漏洞来源: The vendor disclos...

漏洞简介

Dovecot中存在差一(off-by-one)缓冲区溢出,当系统使用了index文件并且mmap_disable设置为\"yes\"时,远程认证IMAP或者POP3用户可以通过涉及缓存文件的未明向量来发起拒绝服务攻击(崩溃)。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

Dovecot Dovecot 1.0.RC10

Dovecot file-cache-buffer-overflow-fix.diff

http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff

Dovecot dovecot-1.0.rc15.tar.gz

http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz

Dovecot Dovecot 1.0 beta8

Dovecot file-cache-buffer-overflow-fix.diff

http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff

Dovecot dovecot-1.0.rc15.tar.gz

http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz

Dovecot Dovecot 1.0.RC11

Dovecot file-cache-buffer-overflow-fix.diff

http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff

Dovecot dovecot-1.0.rc15.tar.gz

http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz

Dovecot Dovecot 1.0.RC4

Dovecot file-cache-buffer-overflow-fix.diff

http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff

Dovecot dovecot-1.0.rc15.tar.gz

http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz

Dovecot Dovecot 1.0.RC5

Dovecot file-cache-buffer-overflow-fix.diff

http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff

Dovecot dovecot-1.0.rc15.tar.gz

http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz

Dovecot Dovecot 1.0.RC8

Dovecot file-cache-buffer-overflow-fix.diff

http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff

Dovecot dovecot-1.0.rc15.tar.gz

http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz

Dovecot Dovecot 1.0.beta2

Dovecot file-cache-buffer-overflow-fix.diff

http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff

Dovecot dovecot-1.0.rc15.tar.gz

http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz

Dovecot Dovecot 1.0.RC13

Dovecot file-cache-buffer-overflow-fix.diff

http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff

Dovecot dovecot-1.0.rc15.tar.gz

http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz

Dovecot Dovecot 1.0

Dovecot file-cache-buffer-overflow-fix.diff

http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff

Dovecot dovecot-1.0.rc15.tar.gz

http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz

RedHat Fedora Core5

RedHat dovecot-1.0-0.beta8.3.fc5.i386.rpm

Fedora Core 5

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat dovecot-1.0-0.beta8.3.fc5.ppc.rpm

Fedora Core 5

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat dovecot-1.0-0.beta8.3.fc5.src.rpm

Fedora Core 5

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat dovecot-1.0-0.beta8.3.fc5.x86_64.rpm

Fedora Core 5

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat dovecot-debuginfo-1.0-0.beta8.3.fc5.i386.rpm

Fedora Core 5

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat dovecot-debuginfo-1.0-0.beta8.3.fc5.ppc.rpm

Fedora Core 5

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat dovecot-debuginfo-1.0-0.beta8.3.fc5.x86_64.rpm

Fedora Core 5

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

Dovecot Dovecot 1.0.RC14

Dovecot file-cache-buffer-overflow-fix.diff

http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff

Dovecot dovecot-1.0.rc15.tar.gz

http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz

Dovecot Dovecot 1.0.RC2

Dovecot file-cache-buffer-overflow-fix.diff

http://dovecot.org/patches/1.0/file-cache-buffer-overflow-fix.diff

Dovecot dovecot-1.0.rc15.tar.gz

http://www.dovecot.org/releases/dovecot-1.0.rc15.tar.gz

Ubuntu dovecot-common_1.0.beta3-3ubuntu5.4_amd64.deb

Ubuntu 6.10:

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1 .0.beta3-3ubuntu5.4_amd64.deb

Ubuntu dovecot-common_1.0.beta3-3ubuntu5.4_i386.deb

Ubuntu 6.10:

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1 .0.beta3-3ubuntu5.4_i386.deb

Ubuntu dovecot-common_1.0.beta3-3ubuntu5.4_powerpc.deb

Ubuntu 6.10:

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1 .0.beta3-3ubuntu5.4_powerpc.deb

Ubuntu dovecot-common_1.0.beta3-3ubuntu5.4_sparc.deb

Ubuntu 6.10:

http://security.ubuntu.com/ubuntu/pool

参考网址

来源: MLIST

名称: [Dovecot-news] 20091119 1.0.rc15 released

链接:http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html

来源: XF

名称: dovecot-indexcache-bo(30433)

链接:http://xforce.iss.net/xforce/xfdb/30433

来源: BID

名称: 21183

链接:http://www.securityfocus.com/bid/21183/info

来源: BUGTRAQ

名称: 20061119 Dovecot IMAP/POP3 server: Off-by-one buffer overflow

链接:http://www.securityfocus.com/archive/1/archive/1/452081/100/0/threaded

来源: VUPEN

名称: ADV-2006-4614

链接:http://www.frsirt.com/english/advisories/2006/4614

来源: SECUNIA

名称: 23007

链接:http://secunia.com/advisories/23007

来源:issues.rpath.com

链接:https://issues.rpath.com/browse/RPL-802

来源: UBUNTU

名称: USN-387-1

链接:http://www.ubuntu.com/usn/usn-387-1

来源: SUSE

名称: SUSE-SA:2006:073

链接:http://www.novell.com/linux/security/advisories/2006_73_mono.html

来源: SECTRACK

名称: 1017288

链接:http://securitytracker.com/id?1017288

来源: SECUNIA

名称: 23213

链接:http://secunia.com/advisories/23213

来源: SECUNIA

名称: 23172

链接:http://secunia.com/advisories/23172

来源: SECUNIA

名称: 23150

链接:http://secunia.com/advisories/23150

来源: MLIST

名称: [Dovecot-news] 20061119 Security hole #2: Off-by-one buffer overflow with mmap_disable=yes

链接:http://dovecot.org/list/dovecot-news/2006-November/000023.html

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多