FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 06:42:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1f6e2ade-35c2-11da-811d-0050bf27ba24imap-uw -- mailbox name handling remote buffer vulnerability

FrSIRT reports:

A vulnerability has been identified in UW-IMAP, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a stack overflow error in the "mail_valid_net_parse_work()" [src/c-client/mail.c] function that does not properly handle specially crafted mailbox names containing a quote (") character, which could be exploited by authenticated remote attackers to execute arbitrary commands with the privileges of the IMAP server.


Discovery 2005-10-05
Entry 2005-10-05
imap-uw
< 2004g

CVE-2005-2933
http://www.frsirt.com/english/advisories/2005/1953
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities
http://www.washington.edu/imap/documentation/RELNOTES.html
5ed2f96b-33b7-4863-8c6b-540d22344424imap-uw -- University of Washington IMAP c-client Remote Format String Vulnerability

SecurityFocus reports:

University of Washington IMAP c-client is prone to a remote format-string vulnerability because the software fails to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function.


Discovery 2009-02-17
Entry 2009-05-21
Modified 2009-05-22
imap-uw
< 2007e

33795
69a20ce4-dfee-11dd-a765-0030843d3802imap-uw -- imap c-client buffer overflow

SANS reports:

The University of Washington IMAP library is a library implementing the IMAP mail protocol. University of Washington IMAP is exposed to a buffer overflow issue that occurs due to a boundary error within the rfc822_output_char function in the c-client library. The University of Washington IMAP library versions prior to 2007e are affected.


Discovery 2008-12-16
Entry 2009-01-11
Modified 2010-05-02
imap-uw
< 2007e

CVE-2008-5514
http://www.washington.edu/imap/documentation/RELNOTES.html
a6713190-dfea-11dd-a765-0030843d3802imap-uw -- local buffer overflow vulnerabilities

SANS reports:

University of Washington "tmail" and "dmail" are mail deliver agents. "tmail" and "dmail" are exposed to local buffer overflow issues because they fail to perform adequate boundary checks on user-supplied data.


Discovery 2008-10-29
Entry 2009-01-11
Modified 2010-05-02
imap-uw
< 2007d

CVE-2008-5514
http://www.washington.edu/imap/documentation/RELNOTES.html
http://www.sans.org/newsletters/risk/display.php?v=7&i=45#08.45.22
d1bbc235-c0c9-45cd-8d2d-c1b8fd22e616imap-uw -- authentication bypass when CRAM-MD5 is enabled

The CRAM-MD5 authentication support of the University of Washington IMAP and POP3 servers contains a vulnerability that may allow an attacker to bypass authentication and impersonate arbitrary users. Only installations with CRAM-MD5 support configured are affected.


Discovery 2005-01-04
Entry 2005-06-03
imap-uw
< 2004b,1

CVE-2005-0198
702777