Stack-based buffer overflow in the split_wildmats function in nntpd.c

Bug #880914 reported by Dave Walker
262
This bug affects 2 people
Affects Status Importance Assigned to Milestone
cyrus-imapd-2.2 (Ubuntu)
Invalid
Medium
Unassigned
Hardy
Won't Fix
Medium
Unassigned
Lucid
Fix Released
Medium
Unassigned
Maverick
Fix Released
Medium
Unassigned
Natty
Won't Fix
Medium
Unassigned
Oneiric
Won't Fix
Medium
Unassigned
Precise
Won't Fix
Medium
Unassigned
cyrus-imapd-2.4 (Ubuntu)
Fix Released
Medium
Unassigned
Hardy
Invalid
Medium
Unassigned
Lucid
Invalid
Medium
Unassigned
Maverick
Invalid
Medium
Unassigned
Natty
Invalid
Medium
Unassigned
Oneiric
Won't Fix
Medium
Unassigned
Precise
Fix Released
Medium
Unassigned
kolab-cyrus-imapd (Ubuntu)
Invalid
Medium
Unassigned
Hardy
Won't Fix
Medium
Unassigned
Lucid
Won't Fix
Medium
Unassigned
Maverick
Won't Fix
Medium
Unassigned
Natty
Won't Fix
Medium
Unassigned
Oneiric
Won't Fix
Medium
Unassigned
Precise
Won't Fix
Medium
Unassigned

Bug Description

Stack-based buffer overflow in the split_wildmats function in nntpd.c in
nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows
remote attackers to execute arbitrary code via a crafted NNTP command.

http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3208

CVE References

Dave Walker (davewalker)
visibility: private → public
Changed in cyrus-imapd-2.2 (Ubuntu Lucid):
status: New → Fix Released
Changed in cyrus-imapd-2.2 (Ubuntu Maverick):
status: New → Fix Released
Changed in cyrus-imapd-2.2 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in cyrus-imapd-2.2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in cyrus-imapd-2.2 (Ubuntu Maverick):
importance: Undecided → Medium
Changed in cyrus-imapd-2.2 (Ubuntu Natty):
importance: Undecided → Medium
status: New → Confirmed
Changed in cyrus-imapd-2.2 (Ubuntu Hardy):
status: New → Confirmed
Changed in cyrus-imapd-2.2 (Ubuntu Oneiric):
importance: Undecided → Medium
status: New → Confirmed
Dave Walker (davewalker)
Changed in cyrus-imapd-2.2 (Ubuntu Precise):
importance: Undecided → Medium
status: New → Confirmed
Changed in cyrus-imapd-2.4 (Ubuntu Natty):
importance: Undecided → Medium
status: New → Fix Released
Changed in cyrus-imapd-2.4 (Ubuntu Maverick):
importance: Undecided → Medium
status: New → Fix Released
Changed in cyrus-imapd-2.4 (Ubuntu Lucid):
importance: Undecided → Medium
status: New → Fix Released
Changed in cyrus-imapd-2.4 (Ubuntu Hardy):
importance: Undecided → Medium
status: New → Fix Released
Changed in cyrus-imapd-2.4 (Ubuntu Oneiric):
importance: Undecided → Medium
status: New → Confirmed
Changed in cyrus-imapd-2.4 (Ubuntu Precise):
importance: Undecided → Medium
status: New → Confirmed
Dave Walker (davewalker)
Changed in cyrus-imapd-2.4 (Ubuntu Hardy):
status: Fix Released → Invalid
Changed in cyrus-imapd-2.4 (Ubuntu Lucid):
status: Fix Released → Invalid
Changed in cyrus-imapd-2.4 (Ubuntu Maverick):
status: Fix Released → Invalid
Changed in cyrus-imapd-2.4 (Ubuntu Natty):
status: Fix Released → Invalid
Changed in kolab-cyrus-imapd (Ubuntu Lucid):
status: New → Confirmed
importance: Undecided → Medium
Changed in kolab-cyrus-imapd (Ubuntu Maverick):
status: New → Confirmed
importance: Undecided → Medium
Changed in kolab-cyrus-imapd (Ubuntu Natty):
status: New → Confirmed
importance: Undecided → Medium
Changed in kolab-cyrus-imapd (Ubuntu Oneiric):
status: New → Confirmed
importance: Undecided → Medium
Changed in kolab-cyrus-imapd (Ubuntu Precise):
status: New → Confirmed
importance: Undecided → Medium
Changed in kolab-cyrus-imapd (Ubuntu Hardy):
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug and helping to make Ubuntu better. The package referred to in this bug is in universe or multiverse and reported against a release of Ubuntu (hardy) which no longer receives updates outside of the explicitly supported LTS packages. While the bug against hardy is being marked "Won't Fix" for now, if you are interested feel free to post a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures'

Please feel free to report any other bugs you may find.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. maverick has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against maverick is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in kolab-cyrus-imapd (Ubuntu Maverick):
status: Confirmed → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. natty has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against natty is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in kolab-cyrus-imapd (Ubuntu Natty):
status: Confirmed → Won't Fix
Changed in cyrus-imapd-2.2 (Ubuntu Natty):
status: Confirmed → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. hardy has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against hardy is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in kolab-cyrus-imapd (Ubuntu Hardy):
status: Confirmed → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. oneiric has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against oneiric is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in kolab-cyrus-imapd (Ubuntu Oneiric):
status: Confirmed → Won't Fix
Changed in cyrus-imapd-2.2 (Ubuntu Hardy):
status: Confirmed → Won't Fix
Changed in cyrus-imapd-2.4 (Ubuntu Oneiric):
status: Confirmed → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

cyrus-imapd-2.4 was fixed in 2.4.12-2

Changed in cyrus-imapd-2.2 (Ubuntu Oneiric):
status: Confirmed → Won't Fix
Changed in cyrus-imapd-2.4 (Ubuntu):
status: Confirmed → Fix Released
Changed in cyrus-imapd-2.4 (Ubuntu Precise):
status: Confirmed → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

cyrus-imapd-2.2 does not exist in 12.04 LTS.

Changed in cyrus-imapd-2.2 (Ubuntu):
status: Confirmed → Invalid
Changed in cyrus-imapd-2.2 (Ubuntu Precise):
status: Confirmed → Won't Fix
Changed in kolab-cyrus-imapd (Ubuntu):
status: Confirmed → Incomplete
Changed in kolab-cyrus-imapd (Ubuntu Lucid):
status: Confirmed → Incomplete
Changed in kolab-cyrus-imapd (Ubuntu Precise):
status: Confirmed → Incomplete
Revision history for this message
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in kolab-cyrus-imapd (Ubuntu Lucid):
status: Incomplete → Won't Fix
Revision history for this message
Steve Beattie (sbeattie) wrote :

kolab-cyrus-imapd was removed from the archive between precise and trusty, closing the non-targeted task. The vulnerable code exists and is unfixed in precise's version of kolab-cyrus-imapd, marking confirmed.

Changed in kolab-cyrus-imapd (Ubuntu):
status: Incomplete → Invalid
Changed in kolab-cyrus-imapd (Ubuntu Precise):
status: Incomplete → Triaged
Revision history for this message
Steve Beattie (sbeattie) wrote :
Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in kolab-cyrus-imapd (Ubuntu Precise):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.