Multiple GNU mailutils mail server and client tools vulnerabilities

imap4D IMAP server heap overflow, format string bug and DoS conditions, 'mail' and imap4d buffer overflows...

[Full-disclosure] iDEFENSE Security Advisory 09.09.05: GNU Mailutils 0.6 imap4d 'search' Format String Vulnerability

GNU Mailutils 0.6 imap4d 'search' Format String Vulnerability iDEFENSE Security Advisory 09.09.05 www.idefense.com/application/poi/display?id=303&type=vulnerabilities September 09, 2005 I. BACKGROUND The GNU mailutils package is a collection of mail-related utilities, including local and remote...

GNU Mailutils imap4d Search Command Remote Format String

GNU Mailutils is a collection of mail utilities, including an IMAP4 daemon, a POP3 daemon, and a very simple mail client. The remote host is running a version of GNU Mailutils containing a format string vulnerability in its IMAP4 daemon. By exploiting these issues, a remote attacker may be able t...

GNU Mailutils imap4d <= 0.6 Remote Format String Exploit

Exploit for linux platform in category remote exploits ======================================================== GNU Mailutils imap4d Original Reference: http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities email protected:/home/coki/audit$ ./mu-imap4dfsexp GNU Mailutils...

GNU Mailutils imap4d &lt;= 0.6 Remote Format String Exploit

No description provided by source. / mu-imap4dfsexp.c GNU Mailutils imap4d v0.6 remote format string exploit by CoKi [email protected] Original Reference: http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities coki@nosystem:/home/coki/audit$ ./mu-imap4dfsexp GNU Mailutils...

GNU Mailutils imap4d 0.6 - Remote Format String

GNU Mailutils imap4d 0.6 - Remote Format String / mu-imap4dfsexp.c GNU Mailutils imap4d v0.6 remote format string exploit by CoKi Original Reference: http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities coki@nosystem:/home/coki/audit$ ./mu-imap4dfsexp GNU Mailutils imap4d...

GNU Mailutils imap4d 0.6 - Remote Format String

/ mu-imap4dfsexp.c GNU Mailutils imap4d v0.6 remote format string exploit by CoKi Original Reference: http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities coki@nosystem:/home/coki/audit$ ./mu-imap4dfsexp GNU Mailutils imap4d v0.6 remote format string exploit by CoKi use:...

Debian DSA-732-1 : mailutils - several vulnerabilities

'infamous41md' discovered several vulnerabilities in the GNU mailutils package which contains utilities for handling mail. These problems can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities. ...

GNU Mailutils imap4d 0.5 < 0.6.90 Remote Format String Exploit

Exploit for linux platform in category remote exploits ============================================================== GNU Mailutils imap4d 0.5 include include include include include include include include include include include // to be modified define GOT 0x080573fc static char bindshell= //b...

GNU Mailutils imap4d 0.5 &lt; 0.6.90 Remote Format String Exploit

No description provided by source. / gun-imapd.c """"""""""" gnu mailutils-0.5 - mailutils-0.6.90 remote formatstring exploit written and tested on FC3. this is a first testing version and the onlyone to go public. by [email protected] / include stdio.h include string.h include unistd.h include...

GNU Mailutils imap4d 0.5 0.6.90 - Remote Format String

GNU Mailutils imap4d 0.5 0.6.90 - Remote Format String / gun-imapd.c """"""""""" gnu mailutils-0.5 - include include include include include include include include include include include // to be modified define GOT 0x080573fc static char bindshell= //by pr1 bind to :4096 "\x31\xc0" // xor...

GNU Mailutils imap4d 0.5 &lt; 0.6.90 - Remote Format String

/ gun-imapd.c """"""""""" gnu mailutils-0.5 - include include include include include include include include include include include // to be modified define GOT 0x080573fc static char bindshell= //by pr1 bind to :4096 "\x31\xc0" // xor %eax,%eax "\x50" // push %eax "\x40" // inc %eax "\x89\xc3"...

GLSA-200506-02 : Mailutils: SQL Injection

The remote host is affected by the vulnerability described in GLSA-200506-02 Mailutils: SQL Injection When GNU Mailutils is built with the 'mysql' or 'postgres' USE flag, the sqlescapestring function of the authentication module fails to properly escape the '' character, rendering it vulnerable t...

Mailutils: SQL Injection

Background GNU Mailutils is a collection of mail-related utilities. Description When GNU Mailutils is built with the "mysql" or "postgres" USE flag, the sqlescapestring function of the authentication module fails to properly escape the "" character, rendering it vulnerable to a SQL command...

[SECURITY] [DSA 732-1] New mailutils packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 732-1 [email protected] http://www.debian.org/security/ Martin Schulze June 3rd, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 732-1] New mailutils packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 732-1 [email protected] http://www.debian.org/security/ Martin Schulze June 3rd, 2005 http://www.debian.org/security/faq -...

DSA-732-1 mailutils - several

Bulletin has no description...

CVE-2005-1824

The sqlescapestring function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "" backslash character, which is used as an escape character and makes the module vulnerable to SQL injection attacks...

CVE-2005-1824

CVE-2005-1824 affects GNU Mailutils when built with the mysql or postgres USE flag: the sql_escape_string function in the mailutils auth/sql.c module fails to properly escape the backslash, enabling SQL command injection. Impact: a remote attacker could inject SQL commands into the underlying dat...

CVE-2005-1824

The sqlescapestring function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "" backslash character, which is used as an escape character and makes the module vulnerable to SQL injection attacks...