FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

up-imapproxy -- multiple vulnerabilities

Affected packages
up-imapproxy < 1.2.4
pop3proxy <= 1.1

Details

VuXML ID 927743d4-5ca9-11d9-a9e7-0001020eed82
Discovery 2004-11-17
Entry 2005-01-02
Modified 2008-02-27

Timo Sirainen reports:

There are various bugs in up-imapproxy which can crash it. Since up-imapproxy runs in a single process with each connection handled in a separate thread, any crash kills all the connections and stops listening for new ones.

In 64bit systems it might be possible to make it leak data (mails, passwords, ..) from other connections to attacker's connection. However I don't think up-imapproxy actually works in any 64bit system so this is just a theoretical problem.

References

Bugtraq ID 11630
CVE Name CVE-2004-1035
Message 1099851138.3716.3.camel@hurina