On Fri, Mar 02, 2007 at 12:34:45PM +0100, Holger Mauermann wrote:
> Jasper Lievisse Adriaanse wrote:
> > On Thu, Mar 01, 2007 at 08:13:51PM +0100, Holger Mauermann wrote:
> >> Any chance to see this update in OpenBSD 4.1? Between imapproxy 1.2.3 and
> >> 1.2.5 some security issues were fixed...
> >
> > it helps if you say WHAT issues were fixed.

too late..we're locked. but it could go for 4.1-stable though..

>
> From http://www.imapproxy.org/security.php:
> There is a serious flaw in all versions of imapproxy prior to 1.2.5rc2 that
> can crash it. imapproxy does not properly deal with string literals sent
> from clients in Not Authenticated State. This bug is actively exploited by
> IMP version 4.1.1, since it may send username data as a string literal as
> part of the LOGIN command, and could be exploited by any host on the
> internet if a crafted IMAP command is sent to imapproxy in Not Authenticated
> State.
>
> And from http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2005-2661:
> Format string vulnerability in the ParseBannerAndCapability function in
> main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to
> execute arbitrary code via format string specifiers in a banner or
> capability line.
>
>
> Holger
>

--
``This statement is false''
NedBSD: http://nedbsd.eu
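
Added example, not part of the thread and not imapproxy's code: a C sketch of how a proxy can recognise the `{n}` string-literal marker that the quoted advisory says a client may send on LOGIN in Not Authenticated State, and bound the announced length before reading it. The function name, the 1024-octet cap and the sample line are assumptions, and it assumes LITERAL+ is not advertised.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed cap on a LOGIN literal before authentication (hypothetical value). */
#define MAX_PREAUTH_LITERAL 1024

enum lit_status { LIT_BAD = -1, LIT_NONE = 0, LIT_OK = 1 };

/*
 * Inspect one client line of len bytes. LIT_OK: the line ends in a literal
 * marker "{n}" and *count octets follow the continuation. LIT_NONE: ordinary
 * line. LIT_BAD: no CRLF, empty "{}", or n above the cap.
 * Assumes LITERAL+ is not advertised, so "{n+}" is not treated as a literal.
 */
enum lit_status preauth_literal(const char *line, size_t len, size_t *count)
{
    size_t i, n = 0, digits = 0;

    if (len < 2 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return LIT_BAD;
    len -= 2;                               /* drop CRLF */
    if (len == 0 || line[len - 1] != '}')
        return LIT_NONE;

    /* Walk back over the digits to find the opening brace. */
    for (i = len - 1; i > 0 && line[i - 1] >= '0' && line[i - 1] <= '9'; i--)
        digits++;
    if (i == 0 || line[i - 1] != '{')
        return LIT_NONE;                    /* e.g. an atom ending in '}' */
    if (digits == 0)
        return LIT_BAD;                     /* "{}" */

    /* Accumulate left to right; stop early so n can never overflow. */
    for (; i < len - 1; i++) {
        n = n * 10 + (size_t)(line[i] - '0');
        if (n > MAX_PREAUTH_LITERAL)
            return LIT_BAD;
    }
    *count = n;
    return LIT_OK;
}

int main(void)
{
    const char *line = "a1 LOGIN {5}\r\n";  /* constructed sample */
    size_t n = 0;
    int st = preauth_literal(line, strlen(line), &n);
    printf("status=%d literal=%zu\n", st, n);
    return 0;
}
```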