
Re: imap mailbox killer



> Package: imap
> Version: 4.7c-1
> Severity: important
> 
> On Thu 31 Aug 2000, Paul Slootman wrote:
> 
> > Yuck. Smells like a serious buffer overflow somewhere.
> 
> Upon a quick glance, there indeed appear to be no checks at all
> for buffer overflows. A buf of 8k is allocated into which the
> From:, Status:, X-Status:, and X-Keywords: headers are placed,
> with simple 
> 
> 	sprintf (buf + strlen (buf),"...
> 
> commands. So having extremely long X-Keywords in mail messages
> will screw things up. Double yuck.
> 
> This is in imap-4.7c/src/osdep/unix/unix.c BTW.
> 
> See the original message and the accompanying thread in debian-devel,
> archive/latest/67244 , Message-ID <39AD820C.6AD0818C@axis.com> from
> Cristian Ionescu-Idbohrn <cii@axis.com>

This definitely needs to be passed upstream...  My mailbox was screwed
up as well, and I get my mail from a Solaris box, not a Debian one.

> 
> 
> Paul Slootman
> -- 
> home:       paul@wurtel.demon.nl http://www.wurtel.demon.nl/
> work:       paul@murphy.nl       http://www.murphy.nl/
> debian:     paul@debian.org      http://www.debian.org/
> isdn4linux: paul@isdn4linux.de   http://www.isdn4linux.de/
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
     Buddha Buck                             bmbuck@14850.com
"Just as the strength of the Internet is chaos, so the strength of our
liberty depends upon the chaos and cacophony of the unfettered speech
the First Amendment protects."  -- A.L.A. v. U.S. Dept. of Justice
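
Added example, not part of the original message and not code from the imap source: the unchecked `sprintf (buf + strlen (buf), ...` append described in the quoted report, next to a bounded version that refuses a header that does not fit in the 8k buffer. The function names, the `"%s: %s\n"` format and the sample header values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HDRBUF 8192 /* the 8k buffer size the message mentions */

/* Pattern from the message: append with no check that the value fits.
 * The "%s: %s\n" format is assumed; the message elides the real one. */
void append_unchecked(char *buf, const char *name, const char *value)
{
    sprintf(buf + strlen(buf), "%s: %s\n", name, value);
}

/* Bounded form (hypothetical helper): 0 on success, -1 if the header
 * would not fit. On failure the buffer is restored to its prior content. */
int append_checked(char *buf, size_t cap, const char *name, const char *value)
{
    size_t used = strlen(buf);
    int n = snprintf(buf + used, cap - used, "%s: %s\n", name, value);
    if (n < 0 || (size_t)n >= cap - used) {
        buf[used] = '\0'; /* drop the truncated partial header */
        return -1;
    }
    return 0;
}

/* Constructed input: two short headers plus an X-Keywords value of kwlen bytes. */
int build_headers(char *buf, size_t cap, size_t kwlen)
{
    static char kw[3 * HDRBUF];
    if (kwlen >= sizeof kw)
        return -1;
    memset(kw, 'A', kwlen);
    kw[kwlen] = '\0';
    buf[0] = '\0';
    if (append_checked(buf, cap, "Status", "RO") != 0 ||
        append_checked(buf, cap, "X-Status", "") != 0 ||
        append_checked(buf, cap, "X-Keywords", kw) != 0)
        return -1;
    return 0;
}

int main(void)
{
    static char buf[HDRBUF];
    printf("64-byte keywords:    %d\n", build_headers(buf, sizeof buf, 64));
    printf("20000-byte keywords: %d\n", build_headers(buf, sizeof buf, 20000));
    return 0;
}
```

The caller has to treat the -1 as an error and decide what to do with the message; silently truncating the header would trade the overflow for a corrupted mailbox entry.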