author | simon <simon@FreeBSD.org> | 2005-02-28 04:34:17 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2005-02-28 04:34:17 +0800 |
commit | ab7f47b781795d787193e524ff98a53aa6c8068e (patch) | |
tree | 0a980105ea2968faf5932be166b1d2c1874776ab /security/vuxml | |
parent | 500a70e9f9a24d46b832bc0bc3d3ef82330620f6 (diff) | |
- Document cyrus-imapd -- multiple buffer overflow vulnerabilities. [1]
- Use bid tag for a reference in sup entry.
Advice from: ume [1]
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 714de90068b1..937627e6776a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,48 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b2d248ad-88f6-11d9-aa18-0001020eed82"> + <topic>cyrus-imapd -- multiple buffer overflow vulnerabilities</topic> + <affects> + <package> + <name>cyrus-imapd</name> + <range><lt>2.1.18</lt></range> + <range><gt>2.2.*</gt><lt>2.2.11</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Cyrus IMAP Server ChangeLog states:</p> + <blockquote cite="http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"> + <ul> + <li>Fix possible single byte overflow in mailbox handling + code.</li> + <li>Fix possible single byte overflows in the imapd + annotate extension.</li> + <li>Fix stack buffer overflows in fetchnews (exploitable + by peer news server), backend (exploitable by admin), + and in imapd (exploitable by users though only on + platforms where a filename may be larger than a mailbox + name).</li> + </ul> + </blockquote> + <p>The 2.1.X series are reportedly only affected by the second + issue.</p> + <p>These issues may lead to execution of arbitrary code with + the permissions of the user running the Cyrus IMAP + Server.</p> + </body> + </description> + <references> + <bid>12636</bid> + <url>http://asg.web.cmu.edu/cyrus/download/imapd/changes.html</url> + </references> + <dates> + <discovery>2005-02-14</discovery> + <entry>2005-02-27</entry> + </dates> + </vuln> + <vuln vid="2c5757f4-88bf-11d9-8720-0007e900f87b"> <topic>sup -- format string vulnerability</topic> <affects> 
@@ -55,9 +97,9 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. </body> </description> <references> + <bid>10571</bid> <cvename>CAN-2004-0451</cvename> <url>http://www.securityfocus.com/advisories/6874</url> - <url>http://www.securityfocus.com/bid/10571</url> </references> <dates> <discovery>2004-06-19</discovery> |
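Review bot: In the first hunk (the new cyrus-imapd entry), the description sentence "The 2.1.X series are reportedly only affected by the second issue" identifies the issue only by its position in the quoted list, and the third list item itself bundles three separate stack overflows (fetchnews, backend, imapd). Name the issue instead, for example "the single byte overflows in the imapd annotate extension", so the sentence stays correct if the quoted ChangeLog items are ever reordered or trimmed, and give the source behind "reportedly". The `<references>` block carries only a `<bid>` and a `<url>`; if a CVE name has been assigned for these overflows, add a `<cvename>` so the entry can be matched against other advisories.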
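Review bot: In the second hunk (the sup entry's `<references>`), the swap of `<url>http://www.securityfocus.com/bid/10571</url>` for `<bid>10571</bid>` is a cleanup of an existing entry and is unrelated to the cyrus-imapd addition in the same commit. Committing it separately would make either change easier to review and revert on its own. The trailing context shows only `<discovery>` under `<dates>`; since the reference target is unchanged, the change looks cosmetic, but it is worth stating in the commit message that no `<modified>` date is intended.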