Georg Lutz writes:
Hi,
recently IDefense found a remote format string vulnerability in Courier-IMAP (1.6.0 to 2.2.1):
http://www.idefense.com/application/poi/display?id=131&type=vulnerabilities
The Gentoo Linux Security Team claims that all versions prior to 3.0.5 are also affected:
http://www.gentoo.org/security/en/glsa/glsa-200408-19.xml
Can anybody confirm this? Due to network problems I am not able to view/download source code myself...
The bug was only exposed if the default setting of DEBUG_LOGIN=0 is changed; furthermore I do not believe it to be exploitable.
