diff options
author | thierry <thierry@FreeBSD.org> | 2005-10-06 01:44:06 +0800 |
---|---|---|
committer | thierry <thierry@FreeBSD.org> | 2005-10-06 01:44:06 +0800 |
commit | 6949a31b512f20921dc75783cfad262b948f42da (patch) | |
tree | fba5d196c269871ce35335b2a143e607974dfe45 /security | |
parent | 07211277f5ba1ecd2f5a481ad4c85f31184967bb (diff) | |
download | freebsd-ports-gnome-6949a31b512f20921dc75783cfad262b948f42da.tar.gz freebsd-ports-gnome-6949a31b512f20921dc75783cfad262b948f42da.tar.zst freebsd-ports-gnome-6949a31b512f20921dc75783cfad262b948f42da.zip |
Add an entry for UW-IMAP Mailbox Name Handling Remote Buffer Overflow
Vulnerability (CAN-2005-2933).
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 40ec320d1294..f6b183a8c1a1 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="1f6e2ade-35c2-11da-811d-0050bf27ba24"> + <topic>imap-uw -- mailbox name handling remote buffer vulnerability</topic> + <affects> + <package> + <name>imap-uw</name> + <range><lt>2004g</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>FrSIRT reports:</p> + <blockquote cite="http://www.frsirt.com/english/advisories/2005/1953"> + <p>A vulnerability has been identified in UW-IMAP, which could + be exploited by remote attackers to execute arbitrary commands. + This flaw is due to a stack overflow error in the + "mail_valid_net_parse_work()" [src/c-client/mail.c] function that + does not properly handle specially crafted mailbox names containing + a quote (") character, which could be exploited by authenticated + remote attackers to execute arbitrary commands with the privileges + of the IMAP server.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2005-2933</cvename> + <url>http://www.frsirt.com/english/advisories/2005/1953</url> + <url>http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities</url> + <url>http://www.washington.edu/imap/documentation/RELNOTES.html</url> + </references> + <dates> + <discovery>2005-10-05</discovery> + <entry>2005-10-05</entry> + </dates> + </vuln> + <vuln vid="d4c70df5-335d-11da-9c70-0040f42d58c6"> <topic>weex -- remote format string vulnerability</topic> <affects> |