Network Security News – Sunday, June 05, 2005 Events
GNU Mailutils Mail header_get_field_name() Function Remote Overflow
A remote overflow exists in Mailutils. The mail program fails to validate a buffer in the header_get_field_name() function, resulting in a buffer overflow. With a specially crafted email message, an attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/16854
GNU Mailutils imap4d Server Client Command Format String
Mailutils contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when format specifiers are sent as part of user-supplied commands and are not checked by the imap4d server. It is possible that the flaw may allow arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/16857
GNU Mailutils imap4d fetch_io Function Remote Overflow
A remote overflow exists in Mailutils. The imap4d server fails to properly validate the fetch_io function, resulting in an integer overflow. With a specially crafted END command, an attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/16855
GNU Mailutils imap4d FETCH Command Remote DoS
Mailutils contains a flaw that may allow a remote denial of service. The issue is triggered when a FETCH command with a very large sequence range is sent to the imap4d server, and will result in loss of availability for the platform. Read more at osvdb.org/16856
UCB Pop Server Arbitrary Privileged File Creation
UCB Pop Server (a.k.a. popper/qpop/qpopper) contains a flaw that may allow a malicious local user to overwrite or create arbitrary root-owned files on the system. The issue is due to the pop program creating temporary files insecurely. It is possible for a user to use a symlink-style attack to manipulate arbitrary files, resulting in a loss of integrity. Read more at osvdb.org/17036
UCB Pop Server XTND XMIT Anonymous Mail Send
UCB Pop Server (a.k.a. popper/qpop/qpopper) contains a flaw related to logging that may allow an attacker to send anonymous, untraceable mail. Popper does not, by default, log users. Using XTND XMIT, it is possible to send mail that cannot be traced back to the user. Read more at osvdb.org/17037