Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. This could be plausibly exploited for remote code execution on the client. Presuming the client defaults to showing the. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.Ī flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. Email clients will probably want to hide unread thread counts for mailboxes with a role of sent or archive. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.Ī flaw was found in mbsync in isync 1.4.0 through 1.4.3. 4 Debian, Fedoraproject, Isync Project and 1 moreĪ flaw was found in mbsync versions prior to 1.4.4.
0 kommentar(er)
