| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.55.0307131100280.26339@mail.securityfocus.com> Date: Sun, 13 Jul 2003 11:12:19 -0600 (MDT) From: Hal Flynn <flynn@...urityfocus.com> To: Dennis Rand <der@...owarfare.dk> Cc: "Vulnwatch@...nwatch. Org" <vulnwatch@...nwatch.org>, "Bugs@...uritytracker. Com" <bugs@...uritytracker.com>, "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>, "News@...uriteam. Com" <news@...uriteam.com>, "Vuln@...unia. Dk" <vuln@...unia.dk> Subject: [VulnDiscuss] Re: Buffer Overflow Vulnerability Found in IMAP4 MDaemon 6 - [SELECT] Hello Dennis, > -----[DETECTION > IMAP4rev1 MDaemon 6.7.9 is vulnerable to the above-described attacks. > Earlier versions may be susceptible as well. To determine if a specific ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Indeed, they are. While it's interesting to see that MDaemon (which is actually distributed by Alt-N Technologies, FYI) was vulnerable to this issue in a revision as late as 6.7.9 (the current is 6.8.4), this issue, and also the EXAMINE memory corruption issue, was identified as a vulnerability in the software on March 23, 2001. It is worth noting that searching Google with the two terms "MDaemon" and "Examine" brought up several references to this vulnerability in the first ten hits. The Bugtraq Database entry is located here: http://www.securityfocus.com/bid/2508 Cheers, Hal Flynn Symantec Corp. http://www.securityfocus.com/unix
Powered by blists - more mailing lists