aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorthierry <thierry@FreeBSD.org>2005-10-06 01:44:06 +0800
committerthierry <thierry@FreeBSD.org>2005-10-06 01:44:06 +0800
commit6949a31b512f20921dc75783cfad262b948f42da (patch)
treefba5d196c269871ce35335b2a143e607974dfe45 /security
parent07211277f5ba1ecd2f5a481ad4c85f31184967bb (diff)
downloadfreebsd-ports-gnome-6949a31b512f20921dc75783cfad262b948f42da.tar.gz
freebsd-ports-gnome-6949a31b512f20921dc75783cfad262b948f42da.tar.zst
freebsd-ports-gnome-6949a31b512f20921dc75783cfad262b948f42da.zip
Add an entry for UW-IMAP Mailbox Name Handling Remote Buffer Overflow
Vulnerability (CAN-2005-2933).
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml35
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 40ec320d1294..f6b183a8c1a1 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="1f6e2ade-35c2-11da-811d-0050bf27ba24">
+ <topic>imap-uw -- mailbox name handling remote buffer vulnerability</topic>
+ <affects>
+ <package>
+ <name>imap-uw</name>
+ <range><lt>2004g</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>FrSIRT reports:</p>
+ <blockquote cite="http://www.frsirt.com/english/advisories/2005/1953">
+ <p>A vulnerability has been identified in UW-IMAP, which could
+ be exploited by remote attackers to execute arbitrary commands.
+ This flaw is due to a stack overflow error in the
+ "mail_valid_net_parse_work()" [src/c-client/mail.c] function that
+ does not properly handle specially crafted mailbox names containing
+ a quote (") character, which could be exploited by authenticated
+ remote attackers to execute arbitrary commands with the privileges
+ of the IMAP server.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2005-2933</cvename>
+ <url>http://www.frsirt.com/english/advisories/2005/1953</url>
+ <url>http://www.idefense.com/application/poi/display?id=313&amp;type=vulnerabilities</url>
+ <url>http://www.washington.edu/imap/documentation/RELNOTES.html</url>
+ </references>
+ <dates>
+ <discovery>2005-10-05</discovery>
+ <entry>2005-10-05</entry>
+ </dates>
+ </vuln>
+
<vuln vid="d4c70df5-335d-11da-9c70-0040f42d58c6">
<topic>weex -- remote format string vulnerability</topic>
<affects>