Fedora Core 3 : cyrus-imapd-2.2.12-1.1.fc3 (2005-339)

high Nessus Plugin ID 62256

Synopsis

The remote Fedora Core host is missing a security update.

Description

Several buffer overflow bugs were found in cyrus-imapd. It is possible that an authenticated malicious user could cause the imap server to crash. Additionally, a peer news admin could potentially execute arbitrary code on the imap server when news is received using the fetchnews command. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0546 to this issue.

In addition this version of the rpm contains a collection of other fixes since the last FC3 update (see below changelog).

>>>>>>>>>>>><i> IMPORTANT NOTE FOR X86_64 INSTALLATION <<<<<<<<<<<< </I> This rpm also fixes bug #156121 that incorrectly placed some executables /usr/lib64/cyrus-imapd. /usr/lib64 is reserved for 64 bit libraries and this caused problems for existing scripts that expected to find them in a canonical location (/usr/lib/cyrus-imapd) and violated the multilib packaging guidelines. Only references external to the cyrus-imapd package are affected by this, the rpm is self consistent. The most notable example is /usr/lib64/cyrus-impad/deliver which is now /usr/lib/cyrus-imapd/deliver (use of lmtp is encouraged in preference to deliver). This change only affects x86_64 installations.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?770b4e38

Plugin Details

Severity: High

ID: 62256

File Name: fedora_2005-339.nasl

Version: 1.8

Type: local

Agent: unix

Published: 9/24/2012

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:cyrus-imapd, p-cpe:/a:fedoraproject:fedora:cyrus-imapd-devel, p-cpe:/a:fedoraproject:fedora:cyrus-imapd-murder, p-cpe:/a:fedoraproject:fedora:cyrus-imapd-nntp, p-cpe:/a:fedoraproject:fedora:cyrus-imapd-utils, p-cpe:/a:fedoraproject:fedora:perl-cyrus, cpe:/o:fedoraproject:fedora_core:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 4/27/2005

Reference Information

CVE: CVE-2005-0546

FEDORA: 2005-339