In association with heise online

02 November 2007, 13:32

Perdition IMAP server security update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security provider SEC Consult has published an advisory describing a Perdition IMAP server vulnerability which can be exploited to crash or compromise a system. The issue is caused by a flaw which allows specially crafted format strings in IMAP requests to be processed undetected. According to the report it is possible to exploit the format string vulnerability by injecting a nul-byte into an IMAP request. SEC Consult describes a sample exploit in its advisory. All versions up to 1.17 are affected. The hole was closed in version 1.17.1.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit