FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  373433
Date:      2014-11-25
Time:      21:42:42Z
Committer: naddy

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
c0a269d5-3d16-11d9-8818-008088034841  Cyrus IMAPd -- FETCH command out of bounds memory corruption

The argument parser of the fetch command suffers a bug very similar to the partial command problem. Arguments like "body[p", "binary[p" or "binary[p" will be wrongly detected and the buffer position can point outside of the allocated buffer for the rest of the parsing process. When the parser triggers the PARSE_PARTIAL macro after such a malformed argument was received, this can lead to a similar one-byte memory corruption and allows remote code execution when the heap layout was successfully controlled by the attacker.


Discovery: 2004-11-06
Entry:     2004-11-22
Modified:  2004-11-24
Package:   cyrus-imapd
Versions:  lt 2.1.17
           ge 2.2.* le 2.2.8
References:
CVE-2004-1013
http://security.e-matters.de/advisories/152004.html

114d70f3-3d16-11d9-8818-008088034841  Cyrus IMAPd -- PARTIAL command out of bounds memory corruption

Due to a bug within the argument parser of the partial command, an argument like "body[p" will be wrongly detected as "body.peek". Because of this, the buffer position gets increased by 10 instead of 5 and could therefore point outside the allocated memory buffer for the rest of the parsing process. In imapd versions prior to 2.2.7 the handling of "body" or "bodypeek" arguments was broken so that the terminating ']' got overwritten by a '\0'. Combined, the two problems allow a potential attacker to overwrite a single byte of malloc() control structures, which leads to remote code execution if the attacker successfully controls the heap layout.


Discovery: 2004-11-06
Entry:     2004-11-22
Modified:  2004-11-24
Package:   cyrus-imapd
Versions:  lt 2.1.17
           ge 2.2.* le 2.2.6
References:
CVE-2004-1012
http://security.e-matters.de/advisories/152004.html

b2d248ad-88f6-11d9-aa18-0001020eed82  cyrus-imapd -- multiple buffer overflow vulnerabilities

The Cyrus IMAP Server ChangeLog states:

  • Fix possible single byte overflow in mailbox handling code.
  • Fix possible single byte overflows in the imapd annotate extension.
  • Fix stack buffer overflows in fetchnews (exploitable by peer news server), backend (exploitable by admin), and in imapd (exploitable by users though only on platforms where a filename may be larger than a mailbox name).

The 2.1.X series are reportedly only affected by the second issue.

These issues may lead to execution of arbitrary code with the permissions of the user running the Cyrus IMAP Server.


Discovery: 2005-02-14
Entry:     2005-02-27
Modified:  2005-04-05
Package:   cyrus-imapd
Versions:  lt 2.1.18
           gt 2.2.* lt 2.2.11
References:
12636
CVE-2005-0546
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html