Courier Multiple Remote Buffer Overflow Vulnerabilities
Multiple buffer overflow vulnerabilities have been identified in Courier MTA, Courier SqWebMail, and Courier-IMAP. These vulnerabilities may allow a remote attacker to execute arbitrary code on a vulnerable system in order to gain unauthorized access.
The issues exist in the 'SHIFT_JIS' converter in 'shiftjis.c' and 'ISO2022JP' converter in 'so2022jp.c'. An attacker may be able to exploit these issues by supplying Unicode characters that exceed BMP (Basic Multilingual Plane) range.
These issues have been reported to affect Courier MTA 0.44.2 and prior, Courier-IMAP 2.2.1 and prior, and Courier SqWebMail 3.6.2 and prior. It has also been reported that the vulnerable codeset mappings may be employed by the Courier IMAP and Webmail service, however, they are not enabled by default.
These issues are being further analyzed and this BID will be updated once analysis is complete.