描述
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
AI分析AI驱动
受影响产品
gnomebalsa
1.1.7
gnomebalsa
1.2.4
gnomebalsa
1.4
gnomebalsa
1.4.3
gnomebalsa
2.0.6
gnomebalsa
2.0.10
gnomebalsa
2.0.16
gnomebalsa
2.0.17
gnomebalsa
2.0.18
gnomebalsa
2.1
gnomebalsa
2.1.1
gnomebalsa
2.1.2
gnomebalsa
2.1.3
gnomebalsa
2.1.90
gnomebalsa
2.1.91
gnomebalsa
2.2
gnomebalsa
2.2.1
gnomebalsa
2.2.2
gnomebalsa
2.2.3
gnomebalsa
2.2.4
gnomebalsa
2.2.5
gnomebalsa
2.2.6
gnomebalsa
2.3
gnomebalsa
2.3.1
gnomebalsa
2.3.2
gnomebalsa
2.3.3
gnomebalsa
2.3.4
gnomebalsa
2.3.5
gnomebalsa
2.3.6
gnomebalsa
2.3.7
gnomebalsa
2.3.8
gnomebalsa
2.3.10
gnomebalsa
2.3.11
gnomebalsa
2.3.12
gnomebalsa
2.3.13
gnomebalsa
2.3.14
gnomebalsa
2.3.15
gnomebalsa
2.3.16
gnomebalsa
2.3.17
gnomebalsa
2.3.19
参考资料
- http://bugs.gentoo.org/show_bug.cgi?id=193179Exploit
- http://bugzilla.gnome.org/show_bug.cgi?id=474366
- http://mail.gnome.org/archives/balsa-list/2007-September/msg00010.htmlPatch
- http://osvdb.org/40585
- http://secunia.com/advisories/26947Vendor Advisory
- http://secunia.com/advisories/26987Vendor Advisory
- http://secunia.com/advisories/27272Vendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml
- http://www.novell.com/linux/security/advisories/2007_19_sr.html
- http://www.securityfocus.com/bid/25777Patch
- http://www.vupen.com/english/advisories/2007/3263
- https://bugzilla.redhat.com/show_bug.cgi?id=297581
- http://bugs.gentoo.org/show_bug.cgi?id=193179Exploit
- http://bugzilla.gnome.org/show_bug.cgi?id=474366
- http://mail.gnome.org/archives/balsa-list/2007-September/msg00010.htmlPatch
- http://osvdb.org/40585
- http://secunia.com/advisories/26947Vendor Advisory
- http://secunia.com/advisories/26987Vendor Advisory
- http://secunia.com/advisories/27272Vendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml