Fetchmail/cyrus-imapd Updates for Debian
Posted on: 12/26/2002 04:01 AM

Fetchmail/cyrus-imapd updates for Debian GNU/Linux has been released

Stefan Esser of e-matters discovered a buffer overflow in fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder. When fetchmail retrieves a mail all headers that contain addresses are searched for local addresses. If a hostname is missing, fetchmail appends it but doesn't reserve enough space for it. This heap overflow can be used by remote attackers to crash it or to execute arbitrary code with the privileges of the user running fetchmail.

Read more

Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server, which could be exploited by a remote attacker prior to logging in. A malicious user could craft a request to run commands on the server under the UID and GID of the cyrus server.

Read more

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/fetchmailcyrus_imapd_updates_for_debian.html)