LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

courier - Remote buffer overflow vulnerabilities

Package(s):Courier CVE #(s):CAN-2004-0224
Created:March 29, 2004 Updated:April 1, 2004
Description: Remote buffer overflow vulnerabilities have been found in Courier-IMAP and Courier MTA. These exploits may allow the execution of arbitrary code, allowing unauthorized access to a vulnerable system.
Alerts:
Gentoo 200403-06 2004-03-26
(Log in to post comments)

courier - Remote buffer overflow vulnerabilities

Posted Apr 1, 2004 12:28 UTC (Thu) by pivot (guest, #588) [Link]

I have been using courier imap with qmail-ldap believing that it was (nearly) as good as qmail in terms of security.

I have recently wanted to try bincimap, http://www.bincimap.org/, instead since it does _only_ imap, and seems to follow a keep-it-simple philosophy.

courier - Remote buffer overflow vulnerabilities

Posted Apr 1, 2004 12:46 UTC (Thu) by skarkkai (subscriber, #4128) [Link]

I contacted Courier's author about this a few days ago, and he said that

1) he believes the bug is not exploitable, and

2) the code concerned is only compiled in if one uses --enable-unicode option, which isn't enabled in default configuration

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds