• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities

Solution:
Ubuntu Linux has released advisory (USN-37-1) to address one of the vulnerabilities that is described in this BID. Please see the referenced advisory for further information.

Gentoo has released advisory GLSA 200411-34 to address these issues. Gentoo updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.2.10"

Mandrake has released advisory MDKSA-2004:139 to address these issues. Please see the attached advisory for details on obtaining and applying fixes.

The vendor has released version 2.2.10 and 2.1.17 of the affected package to resolve these issues:

RedHat Fedora Linux has released advisory FEDORA-2004-487 for their Core 2 product and advisory FEDORA-2004-489 for their Core 3 product. Please see the referenced advisories for more information.

Apple has released advisory (Security Update 2005-003) to address various issues. Please see the referenced advisory for more information. An update for Mac OS X Server v10.3.8 is available.


Apple Mac OS X Server 10.3.8

• Apple SecUpdSrvr2005-003Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05530&plat form=osx&method=sa/SecUpdSrvr2005-003Pan.dmg

Carnegie Mellon University Cyrus IMAP Server 2.1.10

• Carnegie Mellon University cyrus-imapd-2.1.17.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.1.17.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.1.16

• Carnegie Mellon University cyrus-imapd-2.1.17.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.1.17.tar.gz


• Mandrake cyrus-imapd-2.1.16-5.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-2.1.16-5.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-devel-2.1.16-5.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-devel-2.1.16-5.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-murder-2.1.16-5.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-murder-2.1.16-5.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-utils-2.1.16-5.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-utils-2.1.16-5.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-Cyrus-2.1.16-5.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-Cyrus-2.1.16-5.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Ubuntu cyrus21-admin_2.1.16-6ubuntu0.2_all.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-ad min_2.1.16-6ubuntu0.2_all.deb


• Ubuntu cyrus21-clients_2.1.16-6ubuntu0.2_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-cl ients_2.1.16-6ubuntu0.2_amd64.deb


• Ubuntu cyrus21-clients_2.1.16-6ubuntu0.2_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-cl ients_2.1.16-6ubuntu0.2_i386.deb


• Ubuntu cyrus21-clients_2.1.16-6ubuntu0.2_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-cl ients_2.1.16-6ubuntu0.2_powerpc.deb


• Ubuntu cyrus21-common_2.1.16-6ubuntu0.2_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-co mmon_2.1.16-6ubuntu0.2_amd64.deb


• Ubuntu cyrus21-common_2.1.16-6ubuntu0.2_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-co mmon_2.1.16-6ubuntu0.2_i386.deb


• Ubuntu cyrus21-common_2.1.16-6ubuntu0.2_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-co mmon_2.1.16-6ubuntu0.2_powerpc.deb


• Ubuntu cyrus21-dev_2.1.16-6ubuntu0.2_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-de v_2.1.16-6ubuntu0.2_amd64.deb


• Ubuntu cyrus21-dev_2.1.16-6ubuntu0.2_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-de v_2.1.16-6ubuntu0.2_i386.deb


• Ubuntu cyrus21-dev_2.1.16-6ubuntu0.2_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-de v_2.1.16-6ubuntu0.2_powerpc.deb


• Ubuntu cyrus21-doc_2.1.16-6ubuntu0.2_all.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-do c_2.1.16-6ubuntu0.2_all.deb


• Ubuntu cyrus21-imapd_2.1.16-6ubuntu0.2_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-im apd_2.1.16-6ubuntu0.2_amd64.deb


• Ubuntu cyrus21-imapd_2.1.16-6ubuntu0.2_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-im apd_2.1.16-6ubuntu0.2_i386.deb


• Ubuntu cyrus21-imapd_2.1.16-6ubuntu0.2_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-im apd_2.1.16-6ubuntu0.2_powerpc.deb


• Ubuntu cyrus21-murder_2.1.16-6ubuntu0.2_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-mu rder_2.1.16-6ubuntu0.2_amd64.deb


• Ubuntu cyrus21-murder_2.1.16-6ubuntu0.2_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-mu rder_2.1.16-6ubuntu0.2_i386.deb


• Ubuntu cyrus21-murder_2.1.16-6ubuntu0.2_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-mu rder_2.1.16-6ubuntu0.2_powerpc.deb


• Ubuntu cyrus21-pop3d_2.1.16-6ubuntu0.2_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-po p3d_2.1.16-6ubuntu0.2_amd64.deb


• Ubuntu cyrus21-pop3d_2.1.16-6ubuntu0.2_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-po p3d_2.1.16-6ubuntu0.2_i386.deb


• Ubuntu cyrus21-pop3d_2.1.16-6ubuntu0.2_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-po p3d_2.1.16-6ubuntu0.2_powerpc.deb


• Ubuntu libcyrus-imap-perl21_2.1.16-6ubuntu0.2_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-i map-perl21_2.1.16-6ubuntu0.2_amd64.deb


• Ubuntu libcyrus-imap-perl21_2.1.16-6ubuntu0.2_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-i map-perl21_2.1.16-6ubuntu0.2_i386.deb


• Ubuntu libcyrus-imap-perl21_2.1.16-6ubuntu0.2_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-i map-perl21_2.1.16-6ubuntu0.2_powerpc.deb

Carnegie Mellon University Cyrus IMAP Server 2.1.7

• Carnegie Mellon University cyrus-imapd-2.1.17.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.1.17.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.1.9

• Carnegie Mellon University cyrus-imapd-2.1.17.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.1.17.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2 .0 ALPHA

• Carnegie Mellon University cyrus-imapd-2.2.10.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.10.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2.1 BETA

• Carnegie Mellon University cyrus-imapd-2.2.10.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.10.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2.2 BETA

• Carnegie Mellon University cyrus-imapd-2.2.10.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.10.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2.3

• Carnegie Mellon University cyrus-imapd-2.2.10.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.10.tar.gz


• Fedora cyrus-imapd-2.2.10-1.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cyrus-imapd-2.2.10-1.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cyrus-imapd-devel-2.2.10-1.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cyrus-imapd-devel-2.2.10-1.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cyrus-imapd-murder-2.2.10-1.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cyrus-imapd-murder-2.2.10-1.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cyrus-imapd-nntp-2.2.10-1.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cyrus-imapd-nntp-2.2.10-1.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cyrus-imapd-utils-2.2.10-1.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora cyrus-imapd-utils-2.2.10-1.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora perl-Cyrus-2.2.10-1.fc2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora perl-Cyrus-2.2.10-1.fc2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

Carnegie Mellon University Cyrus IMAP Server 2.2.4

• Carnegie Mellon University cyrus-imapd-2.2.10.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.10.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2.5

• Carnegie Mellon University cyrus-imapd-2.2.10.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.10.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2.6

• Carnegie Mellon University cyrus-imapd-2.2.10.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.10.tar.gz


• Fedora cyrus-imapd-2.2.10-1.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cyrus-imapd-2.2.10-1.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cyrus-imapd-devel-2.2.10-1.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cyrus-imapd-devel-2.2.10-1.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cyrus-imapd-murder-2.2.10-1.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cyrus-imapd-murder-2.2.10-1.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cyrus-imapd-nntp-2.2.10-1.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cyrus-imapd-nntp-2.2.10-1.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cyrus-imapd-utils-2.2.10-1.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora cyrus-imapd-utils-2.2.10-1.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora perl-Cyrus-2.2.10-1.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora perl-Cyrus-2.2.10-1.fc3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Carnegie Mellon University Cyrus IMAP Server 2.2.7

• Carnegie Mellon University cyrus-imapd-2.2.10.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.10.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2.8

• Carnegie Mellon University cyrus-imapd-2.2.10.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.10.tar.gz


• Mandrake cyrus-imapd-2.2.8-4.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-2.2.8-4.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-devel-2.2.8-4.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-devel-2.2.8-4.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-murder-2.2.8-4.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-murder-2.2.8-4.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-nntp-2.2.8-4.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-nntp-2.2.8-4.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-utils-2.2.8-4.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake cyrus-imapd-utils-2.2.8-4.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-Cyrus-2.2.8-4.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-Cyrus-2.2.8-4.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php

Carnegie Mellon University Cyrus IMAP Server 2.2.9

• Carnegie Mellon University cyrus-imapd-2.2.10.tar.gz
  ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.10.tar.gz