Jasper Lievisse Adriaanse wrote:
> On Thu, Mar 01, 2007 at 08:13:51PM +0100, Holger Mauermann wrote:
>> Any chance to see this update in OpenBSD 4.1? Between imapproxy 1.2.3 and
>> 1.2.5 some security issues were fixed...
>
> it helps if you say WHAT issues were fixed.

From http://www.imapproxy.org/security.php:

There is a serious flaw in all versions of imapproxy prior to 1.2.5rc2 that can crash it. imapproxy does not properly deal with string literals sent from clients in Not Authenticated State. This bug is actively exploited by IMP version 4.1.1, since it may send username data as a string literal as part of the LOGIN command, and could be exploited by any host on the internet if a crafted IMAP command is sent to imapproxy in Not Authenticated State.

And from http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2005-2661:

Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line.

Holger
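
For reference on the first advisory quoted above, an added example (not imapproxy's code and not part of the original message): one way a proxy can recognise an IMAP string-literal announcement (`{n}` or `{n+}`) at the end of a pre-authentication command line and bound its size before reading the payload. The function name `parse_literal_len` and the 256-byte cap are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed cap on a pre-auth literal (username/password); not from imapproxy. */
#define MAX_PREAUTH_LITERAL 256

/*
 * Inspect one command line (length given, NUL termination not trusted) for a
 * trailing literal announcement: "{n}" or "{n+}" directly before CRLF.
 * Returns 1 and sets *out for a valid literal, 0 if the line announces none,
 * -1 if the line is incomplete, malformed, or exceeds the cap.
 */
int parse_literal_len(const char *line, size_t len, size_t *out)
{
    size_t end, i, n = 0;

    if (len < 2 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return -1;                      /* not a complete CRLF line */
    end = len - 2;
    if (end == 0 || line[end - 1] != '}')
        return 0;                       /* no literal announced */
    end--;                              /* index of '}' */
    if (end > 0 && line[end - 1] == '+')
        end--;                          /* non-synchronizing literal */
    i = end;                            /* walk back over the digits */
    while (i > 0 && line[i - 1] >= '0' && line[i - 1] <= '9')
        i--;
    if (i == 0 || line[i - 1] != '{')
        return 0;                       /* just an atom ending in '}' */
    if (i == end)
        return -1;                      /* "{}" or "{+}": no length */
    for (; i < end; i++) {
        n = n * 10 + (size_t)(line[i] - '0');
        if (n > MAX_PREAUTH_LITERAL)
            return -1;                  /* reject long before overflow */
    }
    *out = n;
    return 1;
}

int main(void)
{
    const char *s = "a1 LOGIN {5}\r\n"; /* constructed sample line */
    size_t n = 0;
    int r = parse_literal_len(s, strlen(s), &n);
    printf("result=%d length=%zu\n", r, n);
    return 0;
}
```
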