FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 06:51:43 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
114d70f3-3d16-11d9-8818-008088034841	Cyrus IMAPd -- PARTIAL command out of bounds memory corruption Due to a bug within the argument parser of the partial command an argument like "body[p" will be wrongly detected as "body.peek". Because of this the bufferposition gets increased by 10 instead of 5 and could therefore point outside the allocated memory buffer for the rest of the parsing process. In imapd versions prior to 2.2.7 the handling of "body" or "bodypeek" arguments was broken so that the terminating ']' got overwritten by a '\0'. Combined the two problems allow a potential attacker to overwrite a single byte of malloc() control structures, which leads to remote code execution if the attacker successfully controls the heap layout. Discovery 2004-11-06 Entry 2004-11-22 Modified 2004-11-24 cyrus-imapd < 2.1.17 ge 2.2.* le 2.2.6 CVE-2004-1012 http://security.e-matters.de/advisories/152004.html
c0a269d5-3d16-11d9-8818-008088034841	Cyrus IMAPd -- FETCH command out of bounds memory corruption The argument parser of the fetch command suffers a bug very similiar to the partial command problem. Arguments like "body[p", "binary[p" or "binary[p" will be wrongly detected and the bufferposition can point outside of the allocated buffer for the rest of the parsing process. When the parser triggers the PARSE_PARTIAL macro after such a malformed argument was received this can lead to a similiar one byte memory corruption and allows remote code execution, when the heap layout was successfully controlled by the attacker. Discovery 2004-11-06 Entry 2004-11-22 Modified 2004-11-24 cyrus-imapd < 2.1.17 ge 2.2.* le 2.2.8 CVE-2004-1013 http://security.e-matters.de/advisories/152004.html
b2d248ad-88f6-11d9-aa18-0001020eed82	cyrus-imapd -- multiple buffer overflow vulnerabilities The Cyrus IMAP Server ChangeLog states: Fix possible single byte overflow in mailbox handling code. Fix possible single byte overflows in the imapd annotate extension. Fix stack buffer overflows in fetchnews (exploitable by peer news server), backend (exploitable by admin), and in imapd (exploitable by users though only on platforms where a filename may be larger than a mailbox name). The 2.1.X series are reportedly only affected by the second issue. These issues may lead to execution of arbitrary code with the permissions of the user running the Cyrus IMAP Server. Discovery 2005-02-14 Entry 2005-02-27 Modified 2005-04-05 cyrus-imapd < 2.1.18 gt 2.2.* lt 2.2.11 12636 CVE-2005-0546 http://asg.web.cmu.edu/cyrus/download/imapd/changes.html

VuXML ID

Description

114d70f3-3d16-11d9-8818-008088034841

Cyrus IMAPd -- PARTIAL command out of bounds memory corruption

Due to a bug within the argument parser of the partial command an argument like "body[p" will be wrongly detected as "body.peek". Because of this the bufferposition gets increased by 10 instead of 5 and could therefore point outside the allocated memory buffer for the rest of the parsing process. In imapd versions prior to 2.2.7 the handling of "body" or "bodypeek" arguments was broken so that the terminating ']' got overwritten by a '\0'. Combined the two problems allow a potential attacker to overwrite a single byte of malloc() control structures, which leads to remote code execution if the attacker successfully controls the heap layout.

Discovery 2004-11-06
Entry 2004-11-22
Modified 2004-11-24
cyrus-imapd

< 2.1.17

ge 2.2.* le 2.2.6

CVE-2004-1012
http://security.e-matters.de/advisories/152004.html

c0a269d5-3d16-11d9-8818-008088034841

Cyrus IMAPd -- FETCH command out of bounds memory corruption

The argument parser of the fetch command suffers a bug very similiar to the partial command problem. Arguments like "body[p", "binary[p" or "binary[p" will be wrongly detected and the bufferposition can point outside of the allocated buffer for the rest of the parsing process. When the parser triggers the PARSE_PARTIAL macro after such a malformed argument was received this can lead to a similiar one byte memory corruption and allows remote code execution, when the heap layout was successfully controlled by the attacker.

Discovery 2004-11-06
Entry 2004-11-22
Modified 2004-11-24
cyrus-imapd

< 2.1.17

ge 2.2.* le 2.2.8

CVE-2004-1013
http://security.e-matters.de/advisories/152004.html

b2d248ad-88f6-11d9-aa18-0001020eed82

cyrus-imapd -- multiple buffer overflow vulnerabilities

The Cyrus IMAP Server ChangeLog states:

Fix possible single byte overflow in mailbox handling code.

Fix possible single byte overflows in the imapd annotate extension.

Fix stack buffer overflows in fetchnews (exploitable by peer news server), backend (exploitable by admin), and in imapd (exploitable by users though only on platforms where a filename may be larger than a mailbox name).

The 2.1.X series are reportedly only affected by the second issue.

These issues may lead to execution of arbitrary code with the permissions of the user running the Cyrus IMAP Server.

Discovery 2005-02-14
Entry 2005-02-27
Modified 2005-04-05
cyrus-imapd

< 2.1.18

gt 2.2.* lt 2.2.11

12636
CVE-2005-0546
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html