Buffer overflow in Cyrus IMAP ?
Rob Siemborski
rjs3 at andrew.cmu.edu
Thu Dec 5 17:12:12 EST 2002
Its the same parsing code (with one or two exceptions).
I don't see why it existing with literals after login would concern you if
it didn't concern you before login.
Of course, they are properly limited in 2.1.11 and 2.0.17.
-Rob
On Thu, 5 Dec 2002 saira at iman.acsu.buffalo.edu wrote:
> Hi,
>
> Regarding the recently announced vulnerability
>
> http://online.securityfocus.com/archive/1/301864/2002-11-29/2002-12-05/0
>
> Does a similar vulnerability exist with literals after login?
>
> Thank you.
>
> Saira Hasnain
>
>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
More information about the Info-cyrus
mailing list