|
|
Info |
Last Modified |
| 6 months ago |
|
|
|
|
Description |
Mail Notification contains a flaw that may allow a remote denial of service. The issue is triggered when an out of context continuation response sent by a malicious IMAP server causes a null pointer dereference to occur in the IMAP code strcmp() function, and results in loss of availability for the service. Note: To exploit this vulnerability the attacker must first hijack the connection between Mail Notification and the IMAP server.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Denial of Service
Impact:
Loss of Availability
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 0.7.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Do not monitor an IMAP mailbox. If you want to ensure that the faulty code will not be used, reinstall Mail Notification using the following commands:
$ ./configure --disable-imap
$ make
$ make install
|
|
Products |
|
Mail Notification
 |
0.6.0 |
0.6.1 |
0.6.2 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
