CVE-2011-3208: Buffer Overflow

First published: Wed Aug 31 2011(Updated: )

A remotely exploitable buffer overflow flaw was found in Cyrus' nntpd. A malicious NNTP client would be able to exploit this to execute arbitrary code on a vulnerable nntpd server. If the 'allowanonymouslogin' option was set in imapd.conf, it could be done without authentication. When compiled with FORTIFY_SOURCE (the default on Red Hat Enterprise Linux 5 and 6, as well as Fedora), this flaw is not exploitable and will result in a crash of the nntpd service. The following patch will correct the flaw: diff --git a/imap/nntpd.c b/imap/nntpd.c index 56405d3..6b30174 100644 --- a/imap/nntpd.c +++ b/imap/nntpd.c @@ -4131,7 +4131,8 @@ static struct wildmat *split_wildmats(char *str) else if (*c == '@') wild[n].not = -1; /* absolute not (feeding) */ else wild[n].not = 0; - strcpy(p, wild[n].not ? c + 1 : c); + strncpy(p, wild[n].not ? c + 1 : c, pattern+sizeof(pattern) - p); + pattern[sizeof(pattern)-1] = '\0'; wild[n++].pat = xstrdup(pattern); } while (c != str); wild[n].pat = NULL;

Credit: secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-historical
• collector/redhat-cve
• collector/nvd-index
• agent/type
• agent/softwarecombine
• agent/first-publish-date
• collector/mitre-cve
• source/MITRE
• agent/severity
• agent/references
• agent/weakness
• agent/author
• agent/last-modified-date
• agent/remedy
• agent/tags
• agent/description
• agent/event
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2011-3208
• agent/software-canonical-lookup
• vendor/cmu
• canonical/cmu cyrus imap server
• version/cmu cyrus imap server/2.2.12
• version/cmu cyrus imap server/2.2.14
• version/cmu cyrus imap server/2.3.13
• version/cmu cyrus imap server/2.3.16
• version/cmu cyrus imap server/2.2.13p1
• version/cmu cyrus imap server/2.3.12
• version/cmu cyrus imap server/2.1.17
• version/cmu cyrus imap server/2.3.6
• version/cmu cyrus imap server/2.3.0
• version/cmu cyrus imap server/2.2.11
• version/cmu cyrus imap server/2.3.14
• version/cmu cyrus imap server/2.3.2
• version/cmu cyrus imap server/2.3.11
• version/cmu cyrus imap server/2.3.8
• version/cmu cyrus imap server/2.3.5
• version/cmu cyrus imap server/2.2.9
• version/cmu cyrus imap server/2.3.9
• version/cmu cyrus imap server/2.3.10
• version/cmu cyrus imap server/2.2.13
• version/cmu cyrus imap server/2.1.16
• version/cmu cyrus imap server/2.3.7
• version/cmu cyrus imap server/2.2.8
• version/cmu cyrus imap server/2.0.17
• version/cmu cyrus imap server/2.3.1
• version/cmu cyrus imap server/2.3.4
• version/cmu cyrus imap server/2.2.10
• version/cmu cyrus imap server/2.1.18
• version/cmu cyrus imap server/2.3.3
• version/cmu cyrus imap server/2.3.15
• version/cmu cyrus imap server/2.4.1
• version/cmu cyrus imap server/2.4.5
• version/cmu cyrus imap server/2.4.0
• version/cmu cyrus imap server/2.4.10
• version/cmu cyrus imap server/2.4.8
• version/cmu cyrus imap server/2.4.7
• version/cmu cyrus imap server/2.4.6
• version/cmu cyrus imap server/2.4.3
• version/cmu cyrus imap server/2.4.4
• version/cmu cyrus imap server/2.4.2
• version/cmu cyrus imap server/2.4.9
• package-manager/redhat