Up IMAPproxy 格式化字符串漏洞

漏洞信息详情

Up IMAPproxy 格式化字符串漏洞

• CNNVD编号：CNNVD-200510-093
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2005-2661
  
• 漏洞类型：
  
  
  格式化字符串
  
• 发布时间：
  
  2005-10-14
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  up-imapproxy
• 漏洞来源：
  Discovery is credi…

ImapProxy 是一个和webmail配合使用的IMAP缓存代理服务器。

up-imapproxy 1.2.3和1.2.4的main.c中的ParseBannerAndCapability函数存在格式化字符串漏洞。远程IMAP服务器可以借助banner或capability line中的格式化字符串说明符执行任意代码。

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接：

up-imapproxy up-imapproxy 1.2.3

Debian imapproxy_1.2.3-1sarge1_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_alpha.deb

Debian imapproxy_1.2.3-1sarge1_amd64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_amd64.deb

Debian imapproxy_1.2.3-1sarge1_arm.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_arm.deb

Debian imapproxy_1.2.3-1sarge1_hppa.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_hppa.deb

Debian imapproxy_1.2.3-1sarge1_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_i386.deb

Debian imapproxy_1.2.3-1sarge1_ia64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_ia64.deb

Debian imapproxy_1.2.3-1sarge1_m68k.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_m68k.deb

Debian imapproxy_1.2.3-1sarge1_mips.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_mips.deb

Debian imapproxy_1.2.3-1sarge1_mipsel.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_mipsel.deb

Debian imapproxy_1.2.3-1sarge1_powerpc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_powerpc.deb

Debian imapproxy_1.2.3-1sarge1_sparc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_sparc.deb

来源: DEBIAN

名称: DSA-852

链接:http://www.debian.org/security/2005/dsa-852

来源: BID

名称: 15048

链接:http://www.securityfocus.com/bid/15048

来源: VUPEN

名称: ADV-2005-2015

链接:http://www.frsirt.com/english/advisories/2005/2015

来源: VUPEN

名称: ADV-2005-2014

链接:http://www.frsirt.com/english/advisories/2005/2014

来源: SECUNIA

名称: 17100

链接:http://secunia.com/advisories/17100/

来源: GENTOO

名称: GLSA-200603-04

链接:http://www.gentoo.org/security/en/glsa/glsa-200603-04.xml

来源: SREASON

名称: 547

链接:http://securityreason.com/securityalert/547

来源: SECUNIA

名称: 19113

链接:http://secunia.com/advisories/19113

来源: SECUNIA

名称: 17120

链接:http://secunia.com/advisories/17120