02 November 2007, 13:32
Perdition IMAP server security update
Security provider SEC Consult has published an advisory describing a Perdition IMAP server vulnerability which can be exploited to crash or compromise a system. The issue is caused by a flaw which allows specially crafted format strings in IMAP requests to be processed undetected. According to the report it is possible to exploit the format string vulnerability by injecting a nul-byte into an IMAP request. SEC Consult describes a sample exploit in its advisory. All versions up to 1.17 are affected. The hole was closed in version 1.17.1.
- Perdition IMAP proxy str_vwrite format string vulnerability, SEC Consult advisory
(mba)
Print Version | Send by email
| Permalink: http://h-online.com/-733900
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
