Timo Sirainen

**Name of the Vulnerable Software and Affected Versions** cURL versions 7.7 through 7.30.0 libcurl versions prior to 7.34.0 **Description** The issue is related to a heap-based buffer overflow in the `curl easy unescape` function, which can be exploited by remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted string ending in a "%" character. The function decodes URL encoded strings to raw binary data and can be vulnerable to heap corruption due to bad checking of input data. The estimated risk for exploiting this flaw is considered low, but it may be possible for specific circumstances. **Recommendations** For cURL versions 7.7 through 7.30.0, update to a version later than 7.30.0 to resolve the issue. For libcurl versions prior to 7.34.0, update to version 7.34.0 or later to fix the vulnerability. As a temporary workaround, consider restricting the use of the `curl easy unescape` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Dovecot versions 1.2.x through 1.2.14 Dovecot versions 2.0.x through 2.0.beta1 **Description** The issue allows remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox. This can be achieved by exploiting the fact that the admin permission is granted to the owner of each mailbox in a non-public namespace. A possible scenario involves a symlinked shared mailbox. **Recommendations** For Dovecot versions 1.2.x through 1.2.14, update to version 1.2.15 or later. For Dovecot versions 2.0.x through 2.0.beta1, update to version 2.0.beta2 or later.

**Name of the Vulnerable Software and Affected Versions** Dovecot versions 1.2.x through 1.2.14 Dovecot versions 2.0.x through 2.0.4 **Description** The issue allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox, due to incorrect interpretation of ACL entries. **Recommendations** For Dovecot versions 1.2.x through 1.2.14, update to version 1.2.15 or later. For Dovecot versions 2.0.x through 2.0.4, update to version 2.0.5 or later.

**Name of the Vulnerable Software and Affected Versions** Dovecot versions 1.2.x through 1.2.7 **Description** The issue allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base dir directory, and possibly the base dir directory itself. This is due to Dovecot setting 0777 permissions during the creation of certain directories at installation time. **Recommendations** For Dovecot versions 1.2.x through 1.2.7, update to version 1.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dovecot versions 1.1.4 through 1.1.5 **Description** The issue concerns a denial of service that can be triggered by an email with a malformed From address, causing an assertion error due to invalid message address parsing. This can lead to a persistent crash when the FETCH ENVELOPE command is used in the IMAP client. **Recommendations** For Dovecot versions 1.1.4 and 1.1.5, consider disabling the message parsing feature temporarily until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dovecot versions prior to 1.0.3 **Description** The issue allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dovecot versions 1.0 beta through 1.0 **Description** A directory traversal issue allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the LIST or DELETE IMAP command. **Recommendations** For Dovecot versions 1.0 beta through 1.0, consider restricting access to the LIST and DELETE IMAP commands until a patch is available. As a temporary workaround, restrict the use of ".." sequences in these commands to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: up-imapproxy IMAP proxy version 1.2.2 Description: The issue is caused by multiple integer signedness errors in several files, including imapcommon.c, main.c, request.c, and select.c. These errors can be exploited by remote attackers to cause a denial of service, resulting in a server crash, and potentially leak sensitive information. This is achieved by sending certain literal values that are not properly handled when using the IMAP Line Read function. Recommendations: For up-imapproxy IMAP proxy version 1.2.2, consider disabling the IMAP Line Read function until a patch is available to prevent potential exploitation. Restrict access to the affected files, including imapcommon.c, main.c, request.c, and select.c, to minimize the risk of server crash and sensitive information leakage.

**Name of the Vulnerable Software and Affected Versions** rsync versions prior to 2.5.7 **Description** The issue is related to a heap-based buffer overflow in rsync when running in server mode, allowing remote attackers to execute arbitrary code and possibly escape the chroot jail. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be performed remotely. **Recommendations** For versions prior to 2.5.7, update to version 2.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the rsync server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU screen versions 4.0.1 and earlier GNU screen versions 3.9.15 and earlier **Description** The issue is caused by an integer signedness error in the ansi.c file, which allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences. This leads to a buffer overflow. **Recommendations** For GNU screen versions 4.0.1 and earlier, update to a version later than 4.0.1 to resolve the issue. For GNU screen versions 3.9.15 and earlier, update to a version later than 3.9.15 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Sendmail version 8.12.9 Description: A potential buffer overflow in ruleset parsing has unknown consequences, specifically when using nonstandard rulesets such as recipient, final, or mailer-specific envelope recipients. Recommendations: For Sendmail version 8.12.9, consider disabling the use of nonstandard rulesets as a temporary workaround until a patch is available. Restrict access to ruleset parsing to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.11 and earlier Description: Multiple off-by-one vulnerabilities allow remote attackers to cause a denial of service and possibly execute arbitrary code via several dissectors, including `AIM`, `GIOP Gryphon`, `OSPF`, `PPTP`, `Quake`, `Quake2`, `Quake3`, `Rsync`, `SMB`, `SMPP`, and `TSP`, which do not properly use the `tvb get nstringz` and `tvb get nstringz0` functions. Recommendations: For Ethereal versions 0.9.11 and earlier, consider disabling the affected dissectors until a patch is available. Restrict access to the vulnerable functions `tvb get nstringz` and `tvb get nstringz0` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.11 and earlier Description: The issue is related to multiple integer overflow vulnerabilities. These vulnerabilities can be exploited by remote attackers to cause a denial of service and possibly execute arbitrary code. The vulnerabilities are specifically found in the (1) Mount and (2) PPP dissectors. Recommendations: For Ethereal versions 0.9.11 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EPIC4 version 1.0.1 **Description** The issue concerns multiple vulnerabilities in the EPIC package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, buffer overflows in the EPIC IRC Client can cause a denial of service or possibly execute arbitrary code when the client receives long replies that are not properly handled by the `userhost cmd returned` function or the Statusbar capability. **Recommendations** For EPIC4 version 1.0.1, consider disabling the `userhost cmd returned` function and restricting the use of the Statusbar capability until a patch is available to prevent potential exploitation. Additionally, restrict access to the EPIC IRC Client to minimize the risk of remote malicious IRC servers causing a denial of service or executing arbitrary code.

Name of the Vulnerable Software and Affected Versions: BitchX IRC client versions 1.0-0c19 and earlier Description: The issue is related to multiple buffer overflows that can be triggered by remote malicious IRC servers. These overflows occur when the client encounters long hostnames, nicknames, or channel names that are not properly handled by certain functions, including `send ctcp`, `cannot join channel`, `cluster`, `BX compress modes`, `handle oper vision`, and `ban it`. This can lead to a denial of service (crash) and potentially allow the execution of arbitrary code. Recommendations: For BitchX IRC client versions 1.0-0c19 and earlier, consider disabling the functions `send ctcp`, `cannot join channel`, `cluster`, `BX compress modes`, `handle oper vision`, and `ban it` as a temporary workaround until a patch is available. Restrict access to the client to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ircII version 20020912 epic4 (affected versions not specified) **Description** The issue involves multiple buffer overflows in the ircII software, potentially allowing remote malicious IRC servers to cause a denial of service or execute arbitrary code. This is due to improper handling of responses by various functions, including `ctcp buffer`, `cannot join channel`, `status make printable` for Statusbar drawing, and `create server list`. Additionally, there are multiple vulnerabilities in the epic4 package of the Debian GNU/Linux operating system that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. **Recommendations** For ircII version 20020912, consider disabling the `my strcat` function or restricting its use until a patch is available. For epic4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Eudora version 5.2.1 Description: The issue allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors. Recommendations: For version 5.2.1, consider updating to a newer version that addresses the issue, as the current version may be susceptible to denial of service and arbitrary code execution attacks from malicious IMAP servers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Sylpheed version 0.8.11 Description: The issue allows remote malicious IMAP servers to cause a denial of service, resulting in a crash, by exploiting certain large literal size values. This can lead to either integer signedness errors or integer overflow errors. Recommendations: For version 0.8.11, update to a newer version that contains a fix for this issue to prevent remote malicious IMAP servers from causing a denial of service.

Name of the Vulnerable Software and Affected Versions: Evolution IMAP Client version 1.2.4 Description: The issue allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors. Recommendations: For Evolution IMAP Client version 1.2.4, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: The IMAP Client for Outlook Express version 6.00.2800.1106 Description: The issue allows remote malicious IMAP servers to cause a denial of service, resulting in a crash, by sending certain large literal size values. This can lead to either integer signedness errors or integer overflow errors. Recommendations: For version 6.00.2800.1106, consider restricting access to untrusted IMAP servers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.