Perdition IMAP server security update
Security provider SEC Consult has published an advisory describing a vulnerability in the Perdition IMAP server that can be exploited to crash or compromise a system. The issue is caused by a flaw that allows specially crafted format strings in IMAP requests to be processed undetected. According to the report, the format string vulnerability can be exploited by injecting a NUL byte into an IMAP request. SEC Consult describes a sample exploit in its advisory. All versions up to 1.17 are affected. The hole was closed in version 1.17.1.
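As an added example (not Perdition's code or its 1.17.1 fix), the following C code shows two defensive checks for the class of bug described above: validating a request line over its received byte count, so an embedded NUL byte cannot hide trailing data from the check, and passing client data only as an argument to a constant format. The helper names and the sample line are constructed for illustration, and the line terminator is assumed to be stripped before validation.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: validate a received IMAP line using the byte count
 * returned by the socket read, not strlen(), so bytes after an embedded
 * NUL are inspected too. Assumes CRLF was already stripped.
 * Returns 1 if acceptable, 0 otherwise. */
int imap_line_is_clean(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == '\0')
            return 0;   /* embedded NUL: a C-string check would stop here */
        if (buf[i] < 0x20 && buf[i] != '\t')
            return 0;   /* other control bytes do not belong in a command line */
    }
    return 1;
}

/* Hypothetical helper: build a tagged response. Client data is only ever
 * an argument to a constant format, so '%' in the tag is copied literally.
 * Returns bytes written, or -1 on truncation or error. */
int imap_tagged_response(char *out, size_t outsz, const char *tag, const char *text)
{
    int n = snprintf(out, outsz, "%s %s\r\n", tag, text);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

/* Constructed sample: a tag with an embedded NUL followed by more bytes. */
static const unsigned char sample[] =
    { 'a', '0', '0', '1', '\0', '%', 'x', ' ', 'N', 'O', 'O', 'P' };

/* What a strlen()-based check sees versus what was actually received. */
size_t visible_to_strlen(void) { return strlen((const char *)sample); }
size_t actually_received(void) { return sizeof sample; }

int main(void)
{
    char out[64];
    printf("strlen sees %zu of %zu bytes\n", visible_to_strlen(), actually_received());
    printf("clean? %d\n", imap_line_is_clean(sample, sizeof sample));
    if (imap_tagged_response(out, sizeof out, "a%x%x", "OK NOOP completed") > 0)
        fputs(out, stdout);
    return 0;
}
```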
- Perdition IMAP proxy str_vwrite format string vulnerability, SEC Consult advisory