Debian DLA-1700-1 : uw-imap security update

High Nessus Plugin ID 122548

Synopsis

The remote Debian host is missing a security update.

Description

A vulnerability was discovered in uw-imap, the University of Washington IMAP Toolkit, that might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics.

This update disables access to IMAP mailboxes through running imapd over rsh, and therefore ssh for users of the client application. Code which uses the library can still enable it with tcp_parameters() after making sure that the IMAP server name is sanitized.

For Debian 8 'Jessie', this problem has been fixed in version 8:2007f~dfsg-4+deb8u1.

We recommend that you upgrade your uw-imap packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also

https://lists.debian.org/debian-lts-announce/2019/03/msg00001.html

https://packages.debian.org/source/jessie/uw-imap

Plugin Details

Severity: High

ID: 122548

File Name: debian_DLA-1700.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2019/03/04

Updated: 2019/04/04

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.5

Temporal Score: 7

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 7.5

Temporal Score: 6.9

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libc-client2007e, p-cpe:/a:debian:debian_linux:libc-client2007e-dev, p-cpe:/a:debian:debian_linux:mlock, p-cpe:/a:debian:debian_linux:uw-mailutils, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/03/01

Vulnerability Publication Date: 2018/11/25

Exploitable With

Metasploit (php imap_open Remote Code Execution)

Reference Information

CVE: CVE-2018-19518