Stack-based buffer overflow in the split_wildmats function in nntpd.c
Bug #880914 reported by
Dave Walker
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cyrus-imapd-2.2 (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
Hardy |
Won't Fix
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Unassigned | ||
Maverick |
Fix Released
|
Medium
|
Unassigned | ||
Natty |
Won't Fix
|
Medium
|
Unassigned | ||
Oneiric |
Won't Fix
|
Medium
|
Unassigned | ||
Precise |
Won't Fix
|
Medium
|
Unassigned | ||
cyrus-imapd-2.4 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Hardy |
Invalid
|
Medium
|
Unassigned | ||
Lucid |
Invalid
|
Medium
|
Unassigned | ||
Maverick |
Invalid
|
Medium
|
Unassigned | ||
Natty |
Invalid
|
Medium
|
Unassigned | ||
Oneiric |
Won't Fix
|
Medium
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Unassigned | ||
kolab-cyrus-imapd (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
Hardy |
Won't Fix
|
Medium
|
Unassigned | ||
Lucid |
Won't Fix
|
Medium
|
Unassigned | ||
Maverick |
Won't Fix
|
Medium
|
Unassigned | ||
Natty |
Won't Fix
|
Medium
|
Unassigned | ||
Oneiric |
Won't Fix
|
Medium
|
Unassigned | ||
Precise |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
Stack-based buffer overflow in the split_wildmats function in nntpd.c in
nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows
remote attackers to execute arbitrary code via a crafted NNTP command.
http://
CVE References
visibility: | private → public |
Changed in cyrus-imapd-2.2 (Ubuntu Lucid): | |
status: | New → Fix Released |
Changed in cyrus-imapd-2.2 (Ubuntu Maverick): | |
status: | New → Fix Released |
Changed in cyrus-imapd-2.2 (Ubuntu Hardy): | |
importance: | Undecided → Medium |
Changed in cyrus-imapd-2.2 (Ubuntu Lucid): | |
importance: | Undecided → Medium |
Changed in cyrus-imapd-2.2 (Ubuntu Maverick): | |
importance: | Undecided → Medium |
Changed in cyrus-imapd-2.2 (Ubuntu Natty): | |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in cyrus-imapd-2.2 (Ubuntu Hardy): | |
status: | New → Confirmed |
Changed in cyrus-imapd-2.2 (Ubuntu Oneiric): | |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in cyrus-imapd-2.2 (Ubuntu Precise): | |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in cyrus-imapd-2.4 (Ubuntu Natty): | |
importance: | Undecided → Medium |
status: | New → Fix Released |
Changed in cyrus-imapd-2.4 (Ubuntu Maverick): | |
importance: | Undecided → Medium |
status: | New → Fix Released |
Changed in cyrus-imapd-2.4 (Ubuntu Lucid): | |
importance: | Undecided → Medium |
status: | New → Fix Released |
Changed in cyrus-imapd-2.4 (Ubuntu Hardy): | |
importance: | Undecided → Medium |
status: | New → Fix Released |
Changed in cyrus-imapd-2.4 (Ubuntu Oneiric): | |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in cyrus-imapd-2.4 (Ubuntu Precise): | |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in cyrus-imapd-2.4 (Ubuntu Hardy): | |
status: | Fix Released → Invalid |
Changed in cyrus-imapd-2.4 (Ubuntu Lucid): | |
status: | Fix Released → Invalid |
Changed in cyrus-imapd-2.4 (Ubuntu Maverick): | |
status: | Fix Released → Invalid |
Changed in cyrus-imapd-2.4 (Ubuntu Natty): | |
status: | Fix Released → Invalid |
Changed in kolab-cyrus-imapd (Ubuntu Lucid): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in kolab-cyrus-imapd (Ubuntu Maverick): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in kolab-cyrus-imapd (Ubuntu Natty): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in kolab-cyrus-imapd (Ubuntu Oneiric): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in kolab-cyrus-imapd (Ubuntu Precise): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in kolab-cyrus-imapd (Ubuntu Hardy): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in cyrus-imapd-2.2 (Ubuntu Natty): | |
status: | Confirmed → Won't Fix |
Changed in cyrus-imapd-2.2 (Ubuntu Hardy): | |
status: | Confirmed → Won't Fix |
Changed in cyrus-imapd-2.4 (Ubuntu Oneiric): | |
status: | Confirmed → Won't Fix |
Changed in kolab-cyrus-imapd (Ubuntu Lucid): | |
status: | Confirmed → Incomplete |
Changed in kolab-cyrus-imapd (Ubuntu Precise): | |
status: | Confirmed → Incomplete |
To post a comment you must log in.
Thank you for reporting this bug and helping to make Ubuntu better. The package referred to in this bug is in universe or multiverse and reported against a release of Ubuntu (hardy) which no longer receives updates outside of the explicitly supported LTS packages. While the bug against hardy is being marked "Won't Fix" for now, if you are interested feel free to post a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res'
Please feel free to report any other bugs you may find.