Cyrus IMAP server has a a remotely exploitable pre-login buffer overflow. I
checked versions 1.4 (oldest in web page) and 2.1.10 which both had it, so
apparently all versions are affected.
Problem is that literal lengths aren't verified to be in any reasonable
range. The length + 2...
-------
Cyrus IMAP server has a a remotely exploitable pre-login buffer overflow. I
checked versions 1.4 (oldest in web page) and 2.1.10 which both had it, so
apparently all versions are affected.
Problem is that literal lengths aren't verified to be in any reasonable
range. The length + 2...
[ more ]