Zimbra :: Forums > Announcements

Posted 11-06-2007, 06:36 PM by Former Zimbran
[updated] Perdition IMAP Proxy Remote Exploit Bug

This advisory applies to users running Zimbra IMAP Proxy (Perdition) only.

I. Description

We were recently made aware of a vulnerability affecting Zimbra (Network and Open Source Edition) installations that use the Perdition IMAP Proxy. If you are not using Perdition, please ignore this message. The details of the vulnerability can be found in the SecurityTracker.com archives under "Perdition Format String Bug in IMAP Proxy Lets Remote Users Execute Arbitrary Code".

A binary patch is now available to upgrade the Perdition version in an existing ZCS installation (4.5.5 and later) to version 1.17.1, which includes the security fix.

There are two patches, one for ZCS 4.5.5/4.5.6 and one for ZCS 4.5.7 and later. Please be sure to install the one that matches your ZCS version. If you are running a version prior to 4.5.5, please upgrade to a newer version of Zimbra first, then apply the patch.

Debian users: You may already be experiencing issues due to Bug 21625 (zmperditionctl start does not write perdition.conf). Applying this patch will not fix that issue.


II. Impact

Perdition IMAPD is affected by a format string bug in one of its IMAP output-string formatting functions. The bug allows the execution of arbitrary code on the affected server, and a successful exploit does not require prior authentication. The vulnerability has been fixed in Perdition v1.17.1, released on Oct 31, 2007. ZCS 4.5.10 will include the fix for this issue. All ZCS versions prior to 4.5.10 are affected. Zimbra 5.0 Betas are not affected.

A binary patch is now available to upgrade ZCS 4.5.5 and above to Perdition v1.17.1.


III. Solution

A. If you’re running ZCS 4.5.7, 4.5.8, or 4.5.9 and utilizing Perdition:

1. Download the binary patch using the link below:

http://files.zimbra.com/downloads/perdition/4.5.7/<PLATFORM>/perdition-1.17.1.1z.tgz

where <PLATFORM> is the platform you are using, one of: DEBIAN3.1, FC4, FC5, MACOSX, MACOSXx86, MANDRIVA2006, openSUSE_10.2, RHEL4, RHEL4_64, RHEL5, RHEL5_64, RPL1, SuSE10, SuSEES9, or UBUNTU6.06LTS

2. Follow the steps below to apply the patch:

(as zimbra):
Code:
zmperditionctl stop
(as root):
Code:
cd /opt/zimbra
tar xfz </path/to/tarball/>/perdition-1.17.1.1z.tgz
rm -f perdition
ln -s perdition-1.17.1.1z perdition
chown -R zimbra:zimbra perdition-1.17.1.1z
(as zimbra):
Code:
zmperditionctl start

B. If you’re running ZCS 4.5.5 or ZCS 4.5.6 and utilizing Perdition:

1. Download the binary patch using the link below:

http://files.zimbra.com/downloads/perdition/4.5.5/<PLATFORM>/perdition-1.17.1.1z.tgz

where <PLATFORM> is the platform you are using, one of: DEBIAN3.1, FC4, FC5, MACOSX, MACOSXx86, MANDRIVA2006, openSUSE_10.2, RHEL4, RHEL4_64, RHEL5, RHEL5_64, RPL1, SuSE10, SuSEES9, or UBUNTU6.06LTS

2. Follow the steps below to apply the patch:

(as zimbra):
Code:
zmperditionctl stop
(as root):
Code:
cd /opt/zimbra
tar xfz </path/to/tarball/>/perdition-1.17.1.1z.tgz
rm -f perdition
ln -s perdition-1.17.1.1z perdition
chown -R zimbra:zimbra perdition-1.17.1.1z
(as zimbra):
Code:
zmperditionctl start

C. If you have modified your installation to run on an unofficial platform (such as Ubuntu 7), it is unknown what the impact of installing this patch will be. Please use caution.

D. If you’re running ZCS 4.5.4 or older and utilizing Perdition, please upgrade to 4.5.9, and follow the procedures in Step A above.

To verify that the patch has been applied successfully, run the following command. Note that the string it sends contains the %n format specifier the bug mishandles, so run this only against servers you administer:
Code:
perl -e 'print "abc%n\x00\n"' | nc <hostname.domain> 143
You should see output similar to the following:
Code:
qa:~ root# perl -e 'print "abc%n\x00\n"' | nc qa.zimbra.com 143
* OK IMAP4 Ready qa.zimbra.com 00021c99
* BAD Invalid tag, mate
If you don't see the BAD line, the patch hasn't been applied correctly. Please make sure that your perdition symbolic link is created correctly.
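The patch steps in sections A and B, together with the verification check above, wrapped in checked shell functions. This is an added example, not the Zimbra team's own tooling: it assumes the tarball unpacks to a directory named perdition-1.17.1.1z (as the post's ln -s step implies), refuses to proceed when /opt/zimbra/perdition is a real directory rather than a symlink (where rm -f would silently fail and leave the old version in place), only runs chown when it is root and a zimbra user exists, and leaves the zmperditionctl stop/start steps to the operator as the zimbra user. The probe function reproduces the post's perl|nc check with printf and nc -w; the classifier applies the post's rule that a missing "* BAD" line means the patch is not in place.

```shell
#!/bin/sh
# Added example, not from the original Zimbra post. Assumed names: PERDITION_DIR,
# apply_perdition_patch, perdition_link_target, probe_perdition, classify_imap_reply.

PERDITION_DIR="perdition-1.17.1.1z"   # top-level directory inside the patch tarball

# apply_perdition_patch ZIMBRA_HOME TARBALL
# Extracts the tarball into ZIMBRA_HOME and repoints the 'perdition' symlink at the
# new directory, checking each step instead of assuming it worked.
apply_perdition_patch() {
    zimbra_home="$1"
    tarball="$2"
    [ -d "$zimbra_home" ] || { echo "no such directory: $zimbra_home" >&2; return 1; }
    [ -f "$tarball" ]     || { echo "no such tarball: $tarball" >&2; return 1; }
    # 'rm -f perdition' does nothing to a real directory; refuse rather than end up
    # with the old version still running behind a failed 'ln -s'.
    if [ -e "$zimbra_home/perdition" ] && [ ! -L "$zimbra_home/perdition" ]; then
        echo "$zimbra_home/perdition is not a symlink; refusing to replace it" >&2
        return 1
    fi
    tar -xzf "$tarball" -C "$zimbra_home" || return 1
    [ -d "$zimbra_home/$PERDITION_DIR" ] \
        || { echo "tarball did not contain $PERDITION_DIR" >&2; return 1; }
    rm -f "$zimbra_home/perdition"
    ln -s "$PERDITION_DIR" "$zimbra_home/perdition" || return 1
    # Ownership step from the post; only meaningful as root on a host with a zimbra user.
    if [ "$(id -u)" -eq 0 ] && id zimbra >/dev/null 2>&1; then
        chown -R zimbra:zimbra "$zimbra_home/$PERDITION_DIR"
    else
        echo "not root or no zimbra user: run 'chown -R zimbra:zimbra $PERDITION_DIR' by hand" >&2
    fi
}

# perdition_link_target ZIMBRA_HOME  -> prints where the 'perdition' symlink points
perdition_link_target() {
    readlink "$1/perdition"
}

# probe_perdition HOST [PORT]
# Sends the post's probe ("abc%n" + NUL + newline) and prints whatever the proxy answers.
# Needs network access; it is not exercised by the offline checks.
probe_perdition() {
    printf 'abc%%n\000\n' | nc -w 3 "$1" "${2:-143}"
}

# classify_imap_reply REPLY_TEXT
# Applies the post's rule: a patched proxy answers the bad tag with a "* BAD" line;
# a banner with no BAD line means the patch is not in place; nothing at all means
# the proxy did not answer (down, firewalled, or crashed on the probe).
classify_imap_reply() {
    case "$1" in
        *"* BAD"*) echo patched ;;
        *"* OK"*)  echo not-patched ;;
        *)         echo no-response ;;
    esac
}

# Operator entry point (the zmperditionctl steps stay with the zimbra user):
#   su - zimbra -c 'zmperditionctl stop'
#   sh perdition-patch.sh apply /opt/zimbra /path/to/perdition-1.17.1.1z.tgz
#   su - zimbra -c 'zmperditionctl start'
#   sh perdition-patch.sh probe mail.example.com
if [ "${1:-}" = "apply" ]; then
    apply_perdition_patch "$2" "$3" && echo "perdition -> $(perdition_link_target "$2")"
elif [ "${1:-}" = "probe" ]; then
    classify_imap_reply "$(probe_perdition "$2" "${3:-143}")"
fi
```

The symlink swap is not atomic (there is a window between rm -f and ln -s), which is why the post has you stop the proxy first; the script keeps that ordering in the operator's hands rather than calling zmperditionctl as root.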

Additionally, if you want to stay informed of any important issues that may come up, please subscribe to this forum.

We have begun e-mailing Network Edition customers about this vulnerability. If Network Edition customers need help or assistance, they should send an e-mail to support@zimbra.com

If Open Source users need help or assistance please post in the administrator's forum thread: Perdition Vulnerability Questions & Help

-The Zimbra Team

Last edited by jholder; 11-08-2007 at 02:17 PM..