|
|
imapd Buffer Overflow Vulnerability
Solution: Upgrading to the latest version of imapd available from the appropriate vendor will fix this hole, and probably a number of others. If upgrading to a later version is not possible, but source code is available, modifying the mail_auth function to use 'strncpy' instead of 'strcpy' and limiting the copy size to MAILTMPLEN - 1 will also eliminate the problem. For a more proactive solution, the buffer length can be checked prior to the copy, and in the event the mechanism string is greater than 1024, make a note to syslog. CERT advisory CA-98-09.imapd details individual vendors responses to this problem, and contains information regarding the availability of fixes. |
|
Privacy Statement |