Caldera Linux Advisory: imapd

Written By
Web Webster
May 16, 2002
____________________________________________________________________________

                Caldera International, Inc.  Security Advisory

Subject:                Linux: imapd buffer overflow when fetching partial mailbox attributes
Advisory number:        CSSA-2002-021.0
Issue date:             2002 May 15
Cross reference:
____________________________________________________________________________


1. Problem Description

        A malicious user may construct a malformed request that will
        cause a buffer overflow, allowing the user to run code on the
        server with the uid and gid of the e-mail owner.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to imap-2000-14.i386.rpm
                                        prior to imap-devel-2000-14.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to imap-2000-14.i386.rpm
                                        prior to imap-devel-2000-14.i386.rpm

        OpenLinux 3.1 Server            prior to imap-2000-14.i386.rpm
                                        prior to imap-devel-2000-14.i386.rpm

        OpenLinux 3.1 Workstation       prior to imap-2000-14.i386.rpm
                                        prior to imap-devel-2000-14.i386.rpm


3. Solution


        The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

        4.2 Packages

        3d4c39ed407a122f963f9f508f908c92        imap-2000-14.i386.rpm
        5c49edd5001471188ed6da5a20413f42        imap-devel-2000-14.i386.rpm

        4.3 Installation

        rpm -Fvh imap-2000-14.i386.rpm
        rpm -Fvh imap-devel-2000-14.i386.rpm

        4.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

        4.5 Source Packages

        7aca0b5e4236dac8b9bbce8879d84bd8        imap-2000-14.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

        5.2 Packages

        d38decbc4fd541389f150a801dbd6024        imap-2000-14.i386.rpm
        4833a72e3afde52d6f88fefdf2ac6fb4        imap-devel-2000-14.i386.rpm

        5.3 Installation

        rpm -Fvh imap-2000-14.i386.rpm
        rpm -Fvh imap-devel-2000-14.i386.rpm

        5.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

        5.5 Source Packages

        0dc9c6f44c0a233ff31efc296159a812        imap-2000-14.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

        6.2 Packages

        cbe5748e7adea78a897b2b530a4f6885        imap-2000-14.i386.rpm
        763992a12de3ac0bdf53ea03c92b0c79        imap-devel-2000-14.i386.rpm

        6.3 Installation

        rpm -Fvh imap-2000-14.i386.rpm
        rpm -Fvh imap-devel-2000-14.i386.rpm

        6.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

        6.5 Source Packages

        decd197cfdce836c921560097573e9b3        imap-2000-14.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

        7.2 Packages

        863d0908cf6a00488bd705bfe16e4d4c        imap-2000-14.i386.rpm
        a2db300f0a06d9be119c39a40fb4f368        imap-devel-2000-14.i386.rpm

        7.3 Installation

        rpm -Fvh imap-2000-14.i386.rpm
        rpm -Fvh imap-devel-2000-14.i386.rpm

        7.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

        7.5 Source Packages

        2ea45d3516faaaae52a2f8053deaf30c        imap-2000-14.src.rpm
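
Added example, not part of Caldera's advisory: a shell function that checks downloaded packages against the MD5 sums of one "Packages" section (4.2, 5.2, 6.2 or 7.2) before the rpm -Fvh step. The function name verify_pkgs and the manifest file are assumptions of this example, and it assumes GNU coreutils md5sum.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumes GNU coreutils md5sum.
# verify_pkgs MANIFEST DIR   (hypothetical helper name)
#   MANIFEST  "<md5> <filename>" lines copied from the one "Packages"
#             section that matches the installed product; the same file
#             name carries a different sum in each section.
#   DIR       directory holding the downloaded files.
# Returns 0 only if every listed file is present and matches.
verify_pkgs() {
    manifest=$1 dir=$2 rc=0 seen=0
    while read -r want name rest || [ -n "$want" ]; do
        if [ -z "$want" ]; then continue; fi          # blank line
        seen=$((seen + 1))
        # Accept only 32 hex digits followed by one bare file name.
        case $want in *[!0-9a-fA-F]*) want= ;; esac
        case $name in */*|'') want= ;; esac
        if [ ${#want} -ne 32 ] || [ -n "$rest" ]; then
            echo "MALFORMED line $seen" >&2; rc=1; continue
        fi
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name" >&2; rc=1; continue
        fi
        have=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$have" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name" >&2; rc=1
        fi
    done < "$manifest"
    # An empty manifest must not count as a successful verification.
    [ "$seen" -gt 0 ] || rc=1
    return "$rc"
}
```

Copy the two checksum lines of the section for the installed product into the manifest and run rpm -Fvh only when the function returns 0. MD5 catches a corrupted or swapped download but is not collision-resistant, so the advisory text itself still has to come from a trusted channel.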


8. References

        Specific references for this advisory:
                none


        Caldera OpenLinux security resources:
                http://www.caldera.com/support/security/index.html

        Caldera UNIX security resources:
                http://stage.caldera.com/support/security/

        This security fix closes Caldera incidents sr864139, fz520938
        and erg712042.


9. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.


10. Acknowledgements

        Marcell Fodor (m.fodor@mail.datanet.hu) discovered and reported
        this vulnerability.

____________________________________________________________________________