cyrusimap / cyrus-imapd

Cyrus IMAP is an email, contacts and calendar server
http://cyrusimap.org

STARTTLS plaintext command injection vulnerability #1289

Closed brong closed 13 years ago

brong commented 13 years ago

From: Jeroen van Meeuwen (Kolab Systems)
Bugzilla-Id: 3425
Version: 2.3.x
Owner: Jeroen van Meeuwen (Kolab Systems)

brong commented 13 years ago

From: Jeroen van Meeuwen (Kolab Systems)

A fix is in master:

http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162

+++ This bug was initially created as a clone of Bug #3423 +++

All Cyrus services are subject to the vulnerability described here:

http://www.kb.cert.org/vuls/id/555316
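The vulnerability class referenced above is that commands pipelined in plaintext behind the STARTTLS command remain in the server's input buffer and are executed after the TLS handshake, as if the client had sent them encrypted. The following is an added illustration written for this page (a constructed toy stream model, not Cyrus's prot.c or its fix): it counts how many plaintext-received commands get processed in the post-TLS context, with and without discarding the pending buffer at the moment of the handshake.

```c
#include <stddef.h>
#include <string.h>

/* Minimal model of a buffered protocol input stream (constructed for this
 * example; not the Cyrus protstream). `buf` holds bytes already read from
 * the socket, `pos` is the parse cursor. */
struct instream {
    const char *buf;
    size_t pos;
    size_t len;
};

/* Copy the next CRLF-terminated line into `out`; return NULL when drained. */
static const char *next_line(struct instream *s, char *out, size_t outlen) {
    if (s->pos >= s->len) return NULL;
    const char *start = s->buf + s->pos;
    const char *end = strstr(start, "\r\n");
    size_t n = end ? (size_t)(end - start) : s->len - s->pos;
    if (n >= outlen) n = outlen - 1;
    memcpy(out, start, n);
    out[n] = '\0';
    s->pos += n + (end ? 2 : 0);
    return out;
}

/* Simulated session over the plaintext bytes `wire`. Returns the number of
 * commands that were received in plaintext but processed *after* the TLS
 * upgrade. discard_pending=1 models the mitigation: drop any unread
 * plaintext before the handshake, so the post-TLS parser only ever sees
 * bytes that were actually read from the TLS layer. */
int plaintext_commands_after_tls(const char *wire, int discard_pending) {
    struct instream s = { wire, 0, strlen(wire) };
    char line[128];
    int tls = 0, leaked = 0;
    while (next_line(&s, line, sizeof line)) {
        if (!tls && strstr(line, " STARTTLS")) {
            if (discard_pending) s.pos = s.len;  /* flush unread plaintext */
            tls = 1;                              /* handshake happens here */
            continue;
        }
        if (tls) leaked++;  /* would run in the TLS-protected context */
    }
    return leaked;
}
```

In a real server the same invariant applies: at the instant the handshake starts, the input buffer must be empty (or the connection dropped), since any leftover bytes were never protected by TLS.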

brong commented 13 years ago

From: Jeroen van Meeuwen (Kolab Systems)

Almost cherry-picked cleanly, but is now in cyrus-imapd-2.3 also.

brong commented 13 years ago

From: Øyvind Kolbu

Does not compile:

cc-wrapper -c -I.. -I/local/include -I/local/include -DHAVE_CONFIG_H -I/local/include -fPIC -fpic \ prot.c
prot.c: In function `prot_flush':
prot.c:750: structure has no member named `can_unget'
make[1]: *** [prot.o] Error 1

brong commented 13 years ago

From: Jeroen van Meeuwen (Kolab Systems)

The protstream structure indeed has no member can_unget; it's introduced in 2.4+. Fixed in 82cbb4adddeafbf9998de110831ad593f94a5a06.