diff options
| author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-02-27 20:34:17 +0000 |
|---|---|---|
| committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-02-27 20:34:17 +0000 |
| commit | 3ba6fcbd61d8bc1a52d8cb934b4b25d238ed67d0 (patch) | |
| tree | a7215f36c69b2983e8fd75e4d49b40f564d0d275 /security/vuxml/vuln.xml | |
| parent | e4adc76363abf312c4178b9127f2efd151cb3779 (diff) | |
| download | ports-3ba6fcbd61d8bc1a52d8cb934b4b25d238ed67d0.tar.gz ports-3ba6fcbd61d8bc1a52d8cb934b4b25d238ed67d0.zip | |
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
| -rw-r--r-- | security/vuxml/vuln.xml | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 714de90068b1..937627e6776a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,48 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b2d248ad-88f6-11d9-aa18-0001020eed82"> + <topic>cyrus-imapd -- multiple buffer overflow vulnerabilities</topic> + <affects> + <package> + <name>cyrus-imapd</name> + <range><lt>2.1.18</lt></range> + <range><gt>2.2.*</gt><lt>2.2.11</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Cyrus IMAP Server ChangeLog states:</p> + <blockquote cite="http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"> + <ul> + <li>Fix possible single byte overflow in mailbox handling + code.</li> + <li>Fix possible single byte overflows in the imapd + annotate extension.</li> + <li>Fix stack buffer overflows in fetchnews (exploitable + by peer news server), backend (exploitable by admin), + and in imapd (exploitable by users though only on + platforms where a filename may be larger than a mailbox + name).</li> + </ul> + </blockquote> + <p>The 2.1.X series are reportedly only affected by the second + issue.</p> + <p>These issues may lead to execution of arbitrary code with + the permissions of the user running the Cyrus IMAP + Server.</p> + </body> + </description> + <references> + <bid>12636</bid> + <url>http://asg.web.cmu.edu/cyrus/download/imapd/changes.html</url> + </references> + <dates> + <discovery>2005-02-14</discovery> + <entry>2005-02-27</entry> + </dates> + </vuln> + <vuln vid="2c5757f4-88bf-11d9-8720-0007e900f87b"> <topic>sup -- format string vulnerability</topic> <affects> @@ -55,9 +97,9 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. </body> </description> <references> + <bid>10571</bid> <cvename>CAN-2004-0451</cvename> <url>http://www.securityfocus.com/advisories/6874</url> - <url>http://www.securityfocus.com/bid/10571</url> </references> <dates> <discovery>2004-06-19</discovery> |