[Bug 290901] Re: [SRU] for broken header parser

2009-01-07 Thread Kees Cook 
** Changed in: dovecot (Ubuntu)
   Status: In Progress = Fix Released

-- 
[SRU] for broken header parser
https://bugs.launchpad.net/bugs/290901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 290901] Re: [SRU] for broken header parser

2008-11-07 Thread Martin Pitt 
Accepted into intrepid-proposed, please test and give feedback here.
Please see https://wiki.ubuntu.com/Testing/EnableProposed for
documentation how to enable and use -proposed. Thank you in advance!

** Tags added: verification-needed

-- 
[SRU] for broken header parser
https://bugs.launchpad.net/bugs/290901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 290901] Re: [SRU] for broken header parser

2008-11-07 Thread Mathias Gug 
Debdiff available at:
http://launchpadlibrarian.net/19445106/dovecot_1%3A1.1.4-0ubuntu1_1%3A1.1.4-0ubuntu1.1.diff.gz

-- 
[SRU] for broken header parser
https://bugs.launchpad.net/bugs/290901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 290901] Re: [SRU] for broken header parser

2008-11-07 Thread Martin Pitt 
Removed from -proposed on Kees' request:

2008-11-07 16:07:52 INFORemoving candidates:
2008-11-07 16:07:52 INFOdovecot 1:1.1.4-0ubuntu1.1 in intrepid
2008-11-07 16:07:52 INFOdovecot-common 1:1.1.4-0ubuntu1.1 in intrepid 
lpia
2008-11-07 16:07:52 INFOdovecot-dev 1:1.1.4-0ubuntu1.1 in intrepid lpia
2008-11-07 16:07:52 INFOdovecot-imapd 1:1.1.4-0ubuntu1.1 in intrepid 
lpia
2008-11-07 16:07:52 INFOdovecot-pop3d 1:1.1.4-0ubuntu1.1 in intrepid 
lpia
2008-11-07 16:07:52 INFORemoved-by: Martin Pitt
2008-11-07 16:07:52 INFOComment: handled as security update
2008-11-07 16:07:52 INFO5 packages successfully removed.

Security team, please reupload through -security.

** Changed in: dovecot (Ubuntu Intrepid)
   Status: Fix Committed = In Progress

-- 
[SRU] for broken header parser
https://bugs.launchpad.net/bugs/290901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 290901] Re: [SRU] for broken header parser

2008-11-07 Thread Kees Cook 
** Changed in: dovecot (Ubuntu)
 Assignee: (unassigned) = Mathias Gug (mathiaz)
   Status: New = In Progress

-- 
[SRU] for broken header parser
https://bugs.launchpad.net/bugs/290901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 290901] Re: [SRU] for broken header parser

2008-11-07 Thread Kees Cook 
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-4907

-- 
[SRU] for broken header parser
https://bugs.launchpad.net/bugs/290901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 290901] Re: [SRU] for broken header parser

2008-11-07 Thread Kees Cook 
This has been published: http://www.ubuntu.com/usn/USN-666-1

** Changed in: dovecot (Ubuntu Intrepid)
   Status: In Progress = Fix Released

-- 
[SRU] for broken header parser
https://bugs.launchpad.net/bugs/290901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 290901] Re: [SRU] for broken header parser

2008-11-06 Thread Mathias Gug 
I've attached a python script that triggers the problem.

** Summary changed:

- Update to 1.1.6 - important fix for broken header parser
+ [SRU] for broken header parser

** Description changed:

  Dovecot 1.1.6 has just be released fixing an important bug:
  
  The invalid message address parsing bug is pretty important since it
  allows a remote user to send broken mail headers and prevent the
  recipient from accessing the mailbox afterwards, because the process
  will always just crash trying to parse the header. This is assuming that
  the IMAP client uses FETCH ENVELOPE command, not all do. Note that it
  doesn't affect versions older than v1.1.4.
  
+ dovecot -n and -a now prints some system information at the top.
+ More error/debug message logging improvements.
- pop3-login: Fixed assert-crash if a client sent USER+PASS+USER+PASS
  commands in the same IP packet.
- Parsing an invalid message address like From: ( caused an
  assert-crash in v1.1.4 and v1.1.5.
- Folding whitespace wasn't handled correctly inside quoted-strings,
  causing some messages to be parsed incorrectly.
- mbox: Fixed saving messages that begin with a valid From_-line.
  
  Only intrepid is affected.
+ 
+ SRU Process
+ 
+ 
+ Impact
+ -
+ As stated in the release notes:
+ 
+  allows a remote user to send broken mail headers and prevent the
+ recipient from accessing the mailbox afterwards, because the process
+ will always just crash trying to parse the header. This is assuming that
+ the IMAP client uses FETCH ENVELOPE command, not all do.
+ 
+ Patch
+ 
+ 
+ One line patch taken from the upstream repository:
+ http://hg.dovecot.org/dovecot-1.1/raw-rev/48840b2d4b18
+ 
+ --- a/src/lib-mail/message-address.c  Thu Oct 23 18:58:22 2008 +0300
+ +++ b/src/lib-mail/message-address.c  Fri Oct 24 01:56:13 2008 +0300
+ @@ -314,8 +314,7 @@ message_address_parse_real(pool_t pool, 
+   ctx.str = t_str_new(128);
+   ctx.fill_missing = fill_missing;
+  
+ - ret = rfc822_skip_lwsp(ctx.parser);
+ - if (ret == 0) {
+ + if (rfc822_skip_lwsp(ctx.parser) = 0) {
+   /* no addresses */
+   return NULL;
+   }
+ 
+ How-to reproduce the bug
+ -
+ Send an email with a From header starting with a ( and that doesn't have a ). 
Issue a FETCH ENVELOPE command.
+ Expected result:
+ Headers containing the envolope of the message.
+ Actual result:
+ The imap server closes the connection. There is an assertion failure in the 
log on the server.
+ 
+ The qa-regression-testing dovecot script has been updated with a test case to 
cover this bug:
+ 
http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/revision/228

** Attachment added: test_imap.py
   http://launchpadlibrarian.net/19444857/test_imap.py

** Changed in: dovecot (Ubuntu Intrepid)
 Assignee: (unassigned) = Mathias Gug (mathiaz)
   Status: New = Fix Committed

-- 
[SRU] for broken header parser
https://bugs.launchpad.net/bugs/290901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs