Courier-IMAP Username SQL Injection Vulnerability

Vulnerability Details

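Vulnerability Summary

Courier-IMAP is a mail server that provides IMAP access to Maildir mailboxes.
Courier-IMAP does not adequately filter the user-supplied username during authentication. A remote attacker can exploit this flaw to carry out SQL injection attacks and damage the database.
The PostgreSQL_auth authentication module in Courier-IMAP is vulnerable: when it passes the username to the PostgreSQL engine, it does not adequately filter malicious characters. An attacker can insert arbitrary SQL commands into the username and alter the logic of the original SQL statement, obtaining sensitive database information or carrying out other malicious activity such as damaging the database.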
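
The flaw class described above, as an added example that is not Courier's code: Python's built-in `sqlite3` stands in for PostgreSQL, and the `passwd` table, its columns and the sample logins are constructed for illustration. It contrasts a lookup that pastes the username into the SQL text with one that binds it as a parameter, and adds an allow-list check on the login name.

```python
import re
import sqlite3

# Constructed sample data; the table and column names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE passwd (id TEXT PRIMARY KEY, crypt TEXT, home TEXT)")
    db.executemany("INSERT INTO passwd VALUES (?, ?, ?)", [
        ("alice@example.com", "constructed-hash-a", "/var/mail/alice"),
        ("bob@example.com", "constructed-hash-b", "/var/mail/bob"),
    ])
    return db

def lookup_vulnerable(db, username):
    # Flawed pattern: the username becomes part of the SQL text, so a quote
    # character in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT id FROM passwd WHERE id = '%s'" % username
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

def lookup_parameterized(db, username):
    # Hardened pattern: the statement text is constant and the username is
    # bound as data, so it cannot change the structure of the statement.
    rows = db.execute("SELECT id FROM passwd WHERE id = ?", (username,))
    return [row[0] for row in rows]

LOGIN_RE = re.compile(r"[A-Za-z0-9._+-]{1,64}(@[A-Za-z0-9.-]{1,255})?")

def is_acceptable_login(username):
    # Defence in depth: reject names outside an allow-list before any query.
    return LOGIN_RE.fullmatch(username) is not None

# Constructed inputs: a normal login, a name containing an apostrophe, and a
# name whose quote characters change the WHERE clause.
CASES = ["alice@example.com", "o'brien@example.com", "nobody' OR '1'='1"]

def run_cases():
    db = make_db()
    return {u: (is_acceptable_login(u), lookup_vulnerable(db, u),
                lookup_parameterized(db, u)) for u in CASES}

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(repr(name), result)
```

The concatenating lookup either fails with a syntax error or matches every row when the name contains a quote, while the parameterized lookup treats the same input as a literal name that matches nothing.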

Vulnerability Advisory

Vendor patch:
Debian
------
Debian has released a security advisory (DSA-247-1) and corresponding patches for this issue:

DSA-247-1: New courier packages fix SQL injection

Link: http://www.debian.org/security/2003/dsa-247

Patch download:


References

Source: BID
Name: 6738
Link: http://www.securityfocus.com/bid/6738

Source: DEBIAN
Name: DSA-247
Link: http://www.debian.org/security/2003/dsa-247

Source: XF
Name: courierimap-authmysqllib-sql-injection(11213)
Link: http://xforce.iss.net/xforce/xfdb/11213
