Linux vendors rush out e-mail server patches

Several major Linux vendors have warned they are vulnerable to four flaws in a widely used IMAP e-mail server from Carnegie Mellon University's Cyrus Electronic Mail Project. The flaws could allow an attacker to take over a server.

Among the Linux vendors issuing patches for the Cyrus IMAP server are MandrakeSoft, Gentoo and Debian. IMAP (Internet Message Access Protocol) is one of the most popular standards for accessing e-mail, and the Cyrus software is designed for use by small to large enterprises.

Stefan Esser of e-matters notified the Cyrus IMAP team of the flaws early this month, and a patch was released last week, the security firm said. Public disclosure followed on Monday, and Linux vendors have released patches during the week. E-matters said it wouldn't publicly release technical details of the flaws in order to make exploitation more difficult.

Esser discovered the four bugs during an audit of the Cyrus component, called cyrus-imapd. The bugs comprise a standard stack overflow, out-of-bounds memory corruptions in two commands, and the use of a programming construct that is undefined according to the C standard, Esser said in an advisory. All four could be exploited to run malicious code on a server, although some take more skill to exploit than others, Esser said.

Danish security firm Secunia, which maintains a vulnerability database, gave the flaw its second most serious rating.

