Thread: [updated]Perdition IMAP Proxy Remote Exploit Bug

    This advisory applies to users running Zimbra IMAP Proxy (Perdition) only.

    I. Description

    We were recently made aware of a possible vulnerability with Zimbra (Network and Open Source Edition) installations that utilize the Perdition IMAP Proxy. If you’re not using Perdition, please ignore this message. The details of the vulnerability can be found at SecurityTracker.com Archives: "Perdition Format String Bug in IMAP Proxy Lets Remote Users Execute Arbitrary Code".

    A binary patch is now available to upgrade the perdition version in an existing ZCS installation (4.5.5+) to version 1.17.1, which includes the security fix.

    There are two patches. Please be sure that you install the correct version. If you are running a version prior to 4.5.5, please upgrade to a newer version of Zimbra, then apply the patch.

    Debian users: You may already be experiencing issues due to Bug 21625 - Zmperditionctl start does not write perdition.conf. Applying this patch will not fix that issue.


    II. Impact

    Perdition IMAPD is affected by a format string bug in one of its IMAP output-string formatting functions. The bug allows the execution of arbitrary code on the affected server. A successful exploit does not require prior authentication. The vulnerability has been fixed in Perdition v1.17.1, released on Oct 31, 2007. ZCS 4.5.10 will include the fix for this issue. All ZCS versions prior to 4.5.10 are affected. Zimbra 5.0 Betas are not affected.

    A binary patch is now available to upgrade ZCS 4.5.6 and above to perdition v1.17.1.


    III. Solution

    A. If you’re running ZCS 4.5.7, 4.5.8, or 4.5.9 and utilizing Perdition:

    1. Download the binary patch using the link below:

    http://files.zimbra.com/downloads/perdition/4.5.7/<PLATFORM>/perdition-1.17.1.1z.tgz

    where <PLATFORM> is the platform that you’re using, i.e. DEBIAN3.1, FC4, FC5, MACOSX, MACOSXx86, MANDRIVA2006, openSUSE_10.2, RHEL4, RHEL4_64, RHEL5, RHEL5_64, RPL1, SuSE10, SuSEES9, or UBUNTU6.06LTS

    2. Follow the steps below to apply the patch:

    (as zimbra):
    Code:
        zmperditionctl stop
    (as root):
    Code:
        cd /opt/zimbra
        tar xfz </path/to/tarball/>/perdition-1.17.1.1z.tgz
        rm -f perdition
        ln -s perdition-1.17.1.1z perdition
        chown -R zimbra:zimbra perdition-1.17.1.1z
    (as zimbra):
    Code:
        zmperditionctl start

    B. If you’re running ZCS 4.5.5 or ZCS 4.5.6 and utilizing Perdition:

    1. Download the binary patch using the link below:

    http://files.zimbra.com/downloads/perdition/4.5.5/<PLATFORM>/perdition-1.17.1.1z.tgz

    where <PLATFORM> is the platform that you’re using, i.e. DEBIAN3.1, FC4, FC5, MACOSX, MACOSXx86, MANDRIVA2006, openSUSE_10.2, RHEL4, RHEL4_64, RHEL5, RHEL5_64, RPL1, SuSE10, SuSEES9, or UBUNTU6.06LTS

    2. Follow the steps below to apply the patch:

    (as zimbra):
    Code:
        zmperditionctl stop
    (as root):
    Code:
        cd /opt/zimbra
        tar xfz </path/to/tarball/>/perdition-1.17.1.1z.tgz
        rm -f perdition
        ln -s perdition-1.17.1.1z perdition
        chown -R zimbra:zimbra perdition-1.17.1.1z
    (as zimbra):
    Code:
        zmperditionctl start

    C. If you have modified your installation to run on an unofficial platform (such as Ubuntu 7), it is unknown what the impact of installing this patch will be. Please use caution.

    D. If you’re running ZCS 4.5.4 or older and utilizing Perdition, please upgrade to 4.5.9, and follow the procedures in Step A above.

    To verify the patch has been applied successfully, please run the following command:
    Code:
        perl -e 'print "abc%n\x00\n"' | nc <hostname.domain> 143
    You should see an output similar to the following:
    Code:
        qa:~ root# perl -e 'print "abc%n\x00\n"' | nc qa.zimbra.com 143
        * OK IMAP4 Ready qa.zimbra.com 00021c99
        * BAD Invalid tag, mate
    If you don’t see the BAD line, the patch hasn’t been applied correctly. Please make sure that your perdition symbolic link is created correctly.

    Additionally, if you want to stay informed of any important issues that may come up, please subscribe to this forum.

    We have begun e-mailing Network Edition Customers of this vulnerability. If Network Edition Customers need help or assistance, they should send an e-mail to support@zimbra.com.

    If Open Source users need help or assistance please post in the administrator's forum thread: http://www.zimbra.com/forums/adminis...html#post65272

    -The Zimbra Team
    Last edited by jholder; 11-08-2007 at 03:17 PM.
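
The symlink step and the verification output from the advisory above, turned into two repeatable checks. This is an added example, not part of the original post or Zimbra's tooling: the function names and the temporary demo directory are assumptions, and the sample transcript is constructed from the output shown in the advisory.

```shell
#!/bin/sh
# Added example (not Zimbra's tooling): post-patch checks for the steps above.
EXPECTED_DIR="perdition-1.17.1.1z"   # directory unpacked from the advisory's tarball

# check_link <zimbra_home>: 0 if <zimbra_home>/perdition is a symlink to the
# patched directory and that directory exists, 1 otherwise.
check_link() {
    link="$1/perdition"
    [ -L "$link" ] || { echo "FAIL: $link is not a symlink"; return 1; }
    target=$(readlink "$link")
    # ln -s in the advisory creates a relative target; accept absolute too.
    case "${target%/}" in
        "$EXPECTED_DIR"|"$1/$EXPECTED_DIR") ;;
        *) echo "FAIL: $link -> $target, expected $EXPECTED_DIR"; return 1 ;;
    esac
    [ -d "$1/$EXPECTED_DIR" ] || { echo "FAIL: $1/$EXPECTED_DIR missing"; return 1; }
    echo "OK: $link -> $target"
}

# check_probe <file>: <file> holds the saved output of the advisory's nc check.
# 0 = BAD line present, 1 = greeting but no BAD line, 2 = no greeting at all.
check_probe() {
    grep -q '^\* OK ' "$1" || { echo "FAIL: no IMAP greeting, is the proxy up?"; return 2; }
    grep -q '^\* BAD ' "$1" || { echo "FAIL: no BAD line, patch not in effect"; return 1; }
    echo "OK: proxy answered with a BAD line"
}

# Demo on constructed data: a temporary directory stands in for /opt/zimbra.
demo=$(mktemp -d)
mkdir "$demo/$EXPECTED_DIR"
ln -s "$EXPECTED_DIR" "$demo/perdition"
printf '* OK IMAP4 Ready qa.zimbra.com 00021c99\r\n* BAD Invalid tag, mate\r\n' > "$demo/probe.txt"
check_link "$demo"
check_probe "$demo/probe.txt"
rm -rf "$demo"
```

On a live host, call `check_link /opt/zimbra` and redirect the output of the advisory's `nc` command to a file before passing it to `check_probe`.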
