Secunia Advisory: SA29382
Release Date: 2008-03-14
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched
Software: MDaemon 9.x
The vulnerability is caused by a boundary error in the IMAP server when processing the "FETCH" command. It can be exploited to cause a stack-based buffer overflow via a specially crafted "FETCH" command containing an overly long section specification in a "BODY" data item.
Successful exploitation allows execution of arbitrary code, but requires valid user credentials.
The vulnerability is confirmed in version 9.6.4. Other versions may also be affected.
Solution:
Grant only trusted users access to the affected service.
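Because no patch is available, monitoring IMAP client traffic for the condition described above can complement access restriction. The following Python check is an added example, not part of the Secunia advisory: it flags "FETCH" commands whose "BODY" section specification exceeds a length limit. The 256-byte limit, the function names and the sample lines are assumptions; the advisory does not state the length needed to trigger the overflow.

```python
import re

# Assumed limit: the advisory gives no overflow length. Legitimate section
# specs such as "1.2.HEADER.FIELDS (FROM TO SUBJECT)" are far shorter.
MAX_SECTION_LEN = 256

# tag, optional "UID" prefix, FETCH, sequence set, then the data items
FETCH_RE = re.compile(rb"^(\S+) +(?:UID +)?FETCH +(\S+) +(.*)$", re.IGNORECASE)
# "BODY[" or "BODY.PEEK[" opens a section specification
BODY_OPEN_RE = re.compile(rb"BODY(?:\.PEEK)?\[", re.IGNORECASE)


def section_specs(items: bytes):
    """Yield (section_bytes, terminated) for each BODY[...] data item."""
    pos = 0
    while (m := BODY_OPEN_RE.search(items, pos)):
        end = items.find(b"]", m.end())
        if end == -1:
            # No closing bracket: the rest of the line is the section spec.
            yield items[m.end():], False
            return
        yield items[m.end():end], True
        pos = end + 1


def inspect_line(line: bytes, limit: int = MAX_SECTION_LEN):
    """Return findings for one client-to-server IMAP command line."""
    m = FETCH_RE.match(line.rstrip(b"\r\n"))
    if not m:
        return []
    tag, items = m.group(1).decode("latin-1"), m.group(3)
    return [
        {"tag": tag, "section_len": len(sec), "terminated": done}
        for sec, done in section_specs(items)
        if len(sec) > limit
    ]


# Constructed sample traffic (not taken from the advisory).
SAMPLE = [
    b"a001 FETCH 1 (FLAGS BODY[HEADER.FIELDS (FROM TO)])\r\n",
    b"a002 UID FETCH 5 BODY.PEEK[1.2.MIME]<0.1024>\r\n",
    b"a003 FETCH 1 BODY[" + b"A" * 5000 + b"]\r\n",
    b"a004 fetch 2 (body.peek[" + b"1." * 400 + b"\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        for finding in inspect_line(raw):
            print(finding)
```

The check handles single-line commands only; section specifications sent as IMAP literals would need the continuation data reassembled first.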
Provided and/or discovered by:
Matteo Memelli a.k.a. ryujin
Original Advisory:
http://www.be4mind.com/?q=node/256
Source: secunia.com/advisories/29382/