89 matches found
[ GLSA 200710-17 ] Balsa: Buffer overflow
Gentoo Linux Security Advisory GLSA 200710-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
openSUSE 10 Security Update : balsa (balsa-4434)
This update of balsa fixes a buffer overflow that occurs while reading data from an IMAP server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update balsa-4434. The text description of this plugin...
GLSA-200710-17 : Balsa: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-200710-17 Balsa: Buffer overflow Evil Ninja Squirrel discovered a stack-based buffer overflow in the irfetchseq function when receiving a long response to a FETCH command CVE-2007-5007. Impact : A remote attacker could entice a us...
Balsa: Buffer overflow
Background Balsa is a highly configurable email client for GNOME. Description Evil Ninja Squirrel discovered a stack-based buffer overflow in the irfetchseq function when receiving a long response to a FETCH command CVE-2007-5007. Impact A remote attacker could entice a user to connect to a...
CVE-2007-5007
Stack-based buffer overflow in the irfetchseq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command...
CVE-2007-5007
CVE-2007-5007 concerns a stack-based buffer overflow in the ir_fetch_seq function of Balsa (GNOME mail client) prior to version 2.3.20. A long IMAP FETCH response could allow a remote attacker to execute arbitrary code on the affected host. Gentoo GLSA 200710-17 (and related advisories) specify t...
[SECURITY] Fedora 7 Update: balsa-2.3.17-2.fc7
Balsa is a GNOME email client which supports mbox, maildir, and mh local mailboxes, and IMAP4 and POP3 remote mailboxes. Email can be sent via sendmail or SMTP. Optional multithreading support allows for non-intrusive retrieval and sending of mail. A finished GUI similar to that of the Eudora ema...
fetchmail/mutt/evolution/...: APOP password disclosure vulnerability
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle MITM attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including 1 Thunderbird 1.x before 1.5.0.12 and...
Code injection
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle MITM attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including 1 Thunderbird 1.x before 1.5.0.12 and...
CVE-2007-1558
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle MITM attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including 1 Thunderbird 1.x before 1.5.0.12 and...
CVE-2007-1558
CVE-2007-1558 describes a cryptographic weakness in APOP authentication that lowers MITM attack cost to recover passwords. Connected advisories show this affects multiple mail clients (e.g., Thunderbird/Icedove, Iceape, fetchmail) and related POP/ALOP implementations. Debian DSA-1305-1 and CentOS...
Debian DSA-300-1 : balsa - buffer overflow
Byrial Jensen discovered a couple of off-by-one buffer overflow in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This code is imported in the Balsa package. This problem could potentially allow a remote malicious IMAP server to cause a denial of...
RHEL 2.1 : balsa (RHSA-2003:111)
Updated Balsa packages are available which fix potential vulnerabilities in the IMAP handling code and in libesmtp. Balsa is a GNOME email client which includes code from Mutt. A potential buffer overflow exists in Balsa versions 1.2 and higher when parsing mailbox names returned by an IMAP serve...
Important: Red Hat Security Advisory: balsa security update
Updated Balsa packages are available which fix potential vulnerabilities in the IMAP handling code and in libesmtp. Balsa is a GNOME email client which includes code from Mutt. A potential buffer overflow exists in Balsa versions 1.2 and higher when parsing mailbox names returned by an IMAP serve...
CVE-2003-0299
The CVE-2003-0299 issue affects the IMAP client code used by mutt 1.4.1 and Balsa 2.0.10. A remote malicious IMAP server can trigger denial of service and possibly arbitrary code execution by sending mailbox size values that cause signedness or integer overflow errors in the IMAP handling path. P...
[SECURITY] [DSA 300-1] New Balsa packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 300-1 [email protected] http://www.debian.org/security/ Martin Schulze May 6th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 300-1] New Balsa packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 300-1 [email protected] http://www.debian.org/security/ Martin Schulze May 6th, 2003 http://www.debian.org/security/faq -...
DSA-300 balsa - buffer overflow
Bulletin has no description...
[CLA-2003:630] Conectiva Security Announcement - balsa
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : balsa SUMMARY : Buffer overflow in IMAP code and ...
Important: Red Hat Security Advisory: : Updated balsa and mutt packages fix vulnerabilities
New Balsa, Mutt, and libesmtp packages that fix potential buffer overflow vulnerabilities are now available. Mutt is a text-mode email client. Balsa is a GNOME email client which includes code from Mutt. A potential buffer overflow in Mutt version 1.4 exists when parsing mailbox names returned by...