imap security update

2002d-15 - Backport patch for buffer overflows in dmail and tmail from upstream version 2007d CVE-2008-5005, 469667...

DEBIAN-CVE-2008-5005

Multiple stack-based buffer overflows in 1 University of Washington IMAP Toolkit 2002 through 2007c, 2 University of Washington Alpine 2.00 and earlier, and 3 Panda IMAP allow a local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail...

University of Washington IMAP 'tmail'和'dmail'本地缓冲区溢出漏洞

BUGTRAQ ID: 32072 CNCAN ID：CNCAN-2008110404 University of Washington IMAP是一款IMAP协议实现。 University of Washington IMAP包含的'tmail'和'dmail'存在缓冲区溢出，本地攻击者可以利用漏洞以应用程序权限执行任意指令。 'tmail'和'dmail'应用程序在从命令行中处理文件夹扩展参数时缺少正确的边界检查，通过提交超长文件夹名可触发基于栈的缓冲区溢出。tmail可允许以root用户权限执行任意指令。 有问题代码如下： tmail.cchar getusername char...

imap-uw -- local buffer overflow vulnerabilities

SANS reports: University of Washington "tmail" and "dmail" are mail deliver agents. "tmail" and "dmail" are exposed to local buffer overflow issues because they fail to perform adequate boundary checks on user-supplied data...