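Vulnerability Details
University of Washington IMAP 'smtp.c' NULL Pointer Dereference Denial of Service Vulnerability
- CNNVD ID: CNNVD-200811-160
- Severity: Medium
- CVE ID: CVE-2008-5006
- Vulnerability type: Resource management error
- Published: 2008-11-10
- Threat type: Remote
- Updated: 2009-01-23
- Vendor: university_of_washington
- Reported by: Nico Golde
Vulnerability Summary
University of Washington IMAP Toolkit is an Internet Message Access Protocol (IMAP) toolkit developed by the University of Washington.
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows a remote SMTP server to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command by closing the TCP connection instead of sending the expected 221 response code.
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: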
Debian
Debian Linux 4.0 amd64
Debian ipopd-ssl_2002edebian1-13.1+etch1_all.deb
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-13.1+etch1_all.deb
Mandriva imap-devel-2006k-1.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva imap-utils-2006k-1.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva lib64c-client-php-devel-2006k-1.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva lib64c-client-php0-2006k-1.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
Debian Linux 4.0 ia-32
Debian ipopd-ssl_2002edebian1-13.1+etch1_all.deb
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-13.1+etch1_all.deb
Mandriva imap-devel-2006k-1.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
Mandriva imap-utils-2006k-1.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
Mandriva libc-client-php-devel-2006k-1.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
Mandriva libc-client-php0-2006k-1.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 4.0 hppa
Debian ipopd-ssl_2002edebian1-13.1+etch1_all.deb
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-13.1+etch1_all.deb
Mandriva libc-client0-2007b-1.1mdv2009.0.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 4.0 powerpc
Debian ipopd-ssl_2002edebian1-13.1+etch1_all.deb
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-13.1+etch1_all.deb
Mandriva imap-devel-2004e-1.2.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/
Mandriva imap-utils-2004e-1.2.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/
Mandriva libc-client-php0-2004e-1.2.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/
Mandriva libc-client-php0-devel-2004e-1.2.20060mlcs4.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 4.0
Debian ipopd-ssl_2002edebian1-13.1+etch1_all.deb
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-13.1+etch1_all.deb
Mandriva lib64c-client0-2007b-1.1mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download/
Debian Linux 4.0 mipsel
Debian ipopd-ssl_2002edebian1-13.1+etch1_all.deb
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-13.1+etch1_all.deb
Mandriva imap-devel-2002d-8.5.C30mdk.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva imap-utils-2002d-8.5.C30mdk.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Corporate Server 3.0
Mandriva imap-2002d-8.5.C30mdk.i586.rpm
http://www.mandriva.com/en/download/
Mandriva imap-devel-2002d-8.5.C30mdk.i586.rpm
http://www.mandriva.com/en/download/
Mandriva imap-utils-2002d-8.5.C30mdk.i586.rpm
http://www.m
References
Source: XF
Name: imap-toolkit-smtp-dos(46604)
Link: http://xforce.iss.net/xforce/xfdb/46604
Source: BID
Name: 32280
Link: http://www.securityfocus.com/bid/32280
Source: MLIST
Name: [oss-security] 20081103 Re: CVE request - uw-imap
Link: http://www.openwall.com/lists/oss-security/2008/11/03/5
Source: MANDRIVA
Name: MDVSA-2009:146
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
Source: DEBIAN
Name: DSA-1685
Link: http://www.debian.org/security/2008/dsa-1685
Source: SECUNIA
Name: 33142
Link: http://secunia.com/advisories/33142
Affected Entities
- University_of_washington Imap_toolkit:2007b
Patches
None available