[pkg-kolab] Bug#648147: Possible Cause

Soren Stoutner soren at smallbusinesstech.net
Fri Jan 6 22:04:48 UTC 2012


It is possible that this bug is the same as the one referenced below.  It does 
seem to crash in the middle of an IMAP connection.

Package        : cyrus-imapd-2.2
Vulnerability  : NULL pointer dereference
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2011-3481

It was discovered that cyrus-imapd, a highly scalable mail system designed
for use in enterprise environments, is not properly parsing mail headers
when a client makes use of the IMAP threading feature.  As a result, a NULL
pointer is dereferenced which crashes the daemon.  An attacker can trigger
this by sending a mail containing crafted reference headers and accessing the
mail with a client that uses the server threading feature of IMAP.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.2.13-14+lenny6.

For the stable distribution (squeeze), this problem has been fixed in
version 2.2.13-19+squeeze3.

For the testing (wheezy) and unstable (sid) distributions, this problem has
been fixed in cyrus-imapd-2.4 version 2.4.11-1.

We recommend that you upgrade your cyrus-imapd-2.2 packages.

-- 
Soren Stoutner
Small Business Tech Solutions
623-262-6169
soren at smallbusinesstech.net
www.smallbusinesstech.net