Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 07:57:55 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=2285350960&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=IMAP%20Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2Ftags%2Fimap%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.2285350960.1338191875.1338191875.1338191875.1%3B%2B__utmz%3D32867617.1338191875.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/112535/dsa-2464-2.txt http://packetstormsecurity.org/files/112535/dsa-2464-2.txt http://packetstormsecurity.org/files/112535/Debian-Security-Advisory-2464-2.html Wed, 09 May 2012 00:18:31 GMT Debian Linux Security Advisory 2464-2 - The latest security update, DSA-2464-1, for Icedove, Debian's version removal of UTF-7 support resulted in incorrect display of IMAP folder names. http://packetstormsecurity.org/files/111505/USN-1400-4.txt http://packetstormsecurity.org/files/111505/USN-1400-4.txt http://packetstormsecurity.org/files/111505/Ubuntu-Security-Notice-USN-1400-4.html Wed, 04 Apr 2012 00:27:08 GMT Ubuntu Security Notice 1400-4 - USN-1400-3 fixed vulnerabilities in Thunderbird. The new Thunderbird version caused a regression in IMAP connections and mail filtering. This update fixes the problem. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. Various other issues were also addressed. http://packetstormsecurity.org/files/111141/MDVSA-2012-037.txt http://packetstormsecurity.org/files/111141/MDVSA-2012-037.txt http://packetstormsecurity.org/files/111141/Mandriva-Linux-Security-Advisory-2012-037.html Fri, 23 Mar 2012 23:59:14 GMT Mandriva Linux Security Advisory 2012-037 - The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. The updated packages have been patched to correct this issue. http://packetstormsecurity.org/files/110712/backfuzz.tar.gz http://packetstormsecurity.org/files/110712/backfuzz.tar.gz http://packetstormsecurity.org/files/110712/Back-To-The-FUZZer-Toolkit.html Mon, 12 Mar 2012 17:22:11 GMT This tool is for fuzzing different protocols such as FTP, HTTP, IMAP, and more. It also has no-protocol plugins like a file fuzzer. Written in Python. http://packetstormsecurity.org/files/110226/xplico-1.0.0.tgz http://packetstormsecurity.org/files/110226/xplico-1.0.0.tgz http://packetstormsecurity.org/files/110226/Xplico-Network-Forensic-Analysis-Tool-1.0.0.html Sun, 26 Feb 2012 23:22:22 GMT Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages. http://packetstormsecurity.org/files/109818/hydra-7.2-src.tar.gz http://packetstormsecurity.org/files/109818/hydra-7.2-src.tar.gz http://packetstormsecurity.org/files/109818/Hydra-Network-Logon-Cracker-7.2.html Thu, 16 Feb 2012 03:50:57 GMT THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus. http://packetstormsecurity.org/files/108701/xplico-0.7.1.tgz http://packetstormsecurity.org/files/108701/xplico-0.7.1.tgz http://packetstormsecurity.org/files/108701/Xplico-Network-Forensic-Analysis-Tool-0.7.1.html Mon, 16 Jan 2012 03:01:28 GMT Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages. http://packetstormsecurity.org/files/108305/dsa-2377-1.txt http://packetstormsecurity.org/files/108305/dsa-2377-1.txt http://packetstormsecurity.org/files/108305/Debian-Security-Advisory-2377-1.html Mon, 02 Jan 2012 21:43:43 GMT Debian Linux Security Advisory 2377-1 - It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, is not properly parsing mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced which crashes the daemon. An attacker can trigger this by sending a mail containing crafted reference headers and access the mail with a client that uses the server threading feature of IMAP. http://packetstormsecurity.org/files/107674/USN-1295-1.txt http://packetstormsecurity.org/files/107674/USN-1295-1.txt http://packetstormsecurity.org/files/107674/Ubuntu-Security-Notice-USN-1295-1.html Fri, 09 Dec 2011 00:37:07 GMT Ubuntu Security Notice 1295-1 - It was discovered that Dovecot incorrectly validated certificate hostnames when being used as a POP3 and IMAP proxy. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. http://packetstormsecurity.org/files/107452/RHSA-2011-1508-01.txt http://packetstormsecurity.org/files/107452/RHSA-2011-1508-01.txt http://packetstormsecurity.org/files/107452/Red-Hat-Security-Advisory-2011-1508-01.html Thu, 01 Dec 2011 21:35:11 GMT Red Hat Security Advisory 2011-1508-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially-crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. http://packetstormsecurity.org/files/107334/stunnel-4.48.tar.gz http://packetstormsecurity.org/files/107334/stunnel-4.48.tar.gz http://packetstormsecurity.org/files/107334/Stunnel-SSL-Wrapper-4.48.html Sun, 27 Nov 2011 18:12:03 GMT Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. http://packetstormsecurity.org/files/106721/stunnel-4.47b1.tar.gz http://packetstormsecurity.org/files/106721/stunnel-4.47b1.tar.gz http://packetstormsecurity.org/files/106721/Stunnel-SSL-Wrapper-4.47b1.html Tue, 08 Nov 2011 01:41:45 GMT Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. http://packetstormsecurity.org/files/106683/xplico-0.7.0.tgz http://packetstormsecurity.org/files/106683/xplico-0.7.0.tgz http://packetstormsecurity.org/files/106683/Xplico-Network-Forensic-Analysis-Tool-0.7.0.html Mon, 07 Nov 2011 15:35:53 GMT Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages. http://packetstormsecurity.org/files/106605/HPSBOV02467-SSRT090152.txt http://packetstormsecurity.org/files/106605/HPSBOV02467-SSRT090152.txt http://packetstormsecurity.org/files/106605/HP-Security-Bulletin-HPSBOV02467-SSRT090152.html Fri, 04 Nov 2011 21:33:54 GMT HP Security Bulletin HPSBOV02467 SSRT090152 - A potential security vulnerability has been identified with HP OpenVMS TCP/IP Services running POP or IMAP servers. The vulnerability could be remotely exploited to result in unauthorized access. Revision 1 of this advisory. http://packetstormsecurity.org/files/106186/stunnel-4.45.tar.gz http://packetstormsecurity.org/files/106186/stunnel-4.45.tar.gz http://packetstormsecurity.org/files/106186/Stunnel-SSL-Wrapper-4.45.html Tue, 25 Oct 2011 02:00:36 GMT Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. http://packetstormsecurity.org/files/106117/glsa-201110-16.txt http://packetstormsecurity.org/files/106117/glsa-201110-16.txt http://packetstormsecurity.org/files/106117/Gentoo-Linux-Security-Advisory-201110-16.html Sun, 23 Oct 2011 02:57:44 GMT Gentoo Linux Security Advisory 201110-16 - The Cyrus IMAP Server is affected by multiple vulnerabilities which could potentially lead to the remote execution of arbitrary code or a denial of service. Versions less than 2.4.12 are affected. http://packetstormsecurity.org/files/105823/MDVSA-2011-149.txt http://packetstormsecurity.org/files/105823/MDVSA-2011-149.txt http://packetstormsecurity.org/files/105823/Mandriva-Linux-Security-Advisory-2011-149.html Sat, 15 Oct 2011 02:04:59 GMT Mandriva Linux Security Advisory 2011-149 - Multiple vulnerabilities has been discovered and corrected in cyrus-imapd. Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. Secunia Research has discovered a vulnerability in Cyrus IMAPd, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the authentication mechanism of the NNTP server, which can be exploited to bypass the authentication process and execute commands intended for authenticated users by sending an AUTHINFO USER command without a following AUTHINFO PASS command. http://packetstormsecurity.org/files/105502/hydra-7.1-src.tar.gz http://packetstormsecurity.org/files/105502/hydra-7.1-src.tar.gz http://packetstormsecurity.org/files/105502/Hydra-Network-Logon-Cracker-7.1.html Mon, 03 Oct 2011 17:22:22 GMT THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus. http://packetstormsecurity.org/files/105497/0x4553-Intercepter.v084.zip http://packetstormsecurity.org/files/105497/0x4553-Intercepter.v084.zip http://packetstormsecurity.org/files/105497/0x4553-Intercepter-WinPcap-Based-Sniffer-0.8.4.html Sun, 02 Oct 2011 17:17:17 GMT 0x4553-Intercepter is a WinPcap-based sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality. http://packetstormsecurity.org/files/105468/USN-1221-1.txt http://packetstormsecurity.org/files/105468/USN-1221-1.txt http://packetstormsecurity.org/files/105468/Ubuntu-Security-Notice-USN-1221-1.html Fri, 30 Sep 2011 15:11:30 GMT Ubuntu Security Notice 1221-1 - It was discovered that mutt incorrectly verified the hostname in an SSL certificate. An attacker could trick mutt into trusting a rogue SMTPS, IMAPS, or POP3S server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack. http://packetstormsecurity.org/files/105501/hydra-7.0-src.tar.gz http://packetstormsecurity.org/files/105501/hydra-7.0-src.tar.gz http://packetstormsecurity.org/files/105501/Hydra-Network-Logon-Cracker-7.0.html Sun, 25 Sep 2011 12:12:12 GMT THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus. http://packetstormsecurity.org/files/105233/RHSA-2011-1317-01.txt http://packetstormsecurity.org/files/105233/RHSA-2011-1317-01.txt http://packetstormsecurity.org/files/105233/Red-Hat-Security-Advisory-2011-1317-01.html Mon, 19 Sep 2011 23:45:21 GMT Red Hat Security Advisory 2011-1317-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user. http://packetstormsecurity.org/files/105220/stunnel-4.44.tar.gz http://packetstormsecurity.org/files/105220/stunnel-4.44.tar.gz http://packetstormsecurity.org/files/105220/Stunnel-SSL-Wrapper-4.44.html Mon, 19 Sep 2011 06:40:54 GMT Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. http://packetstormsecurity.org/files/104858/stunnel-4.43.tar.gz http://packetstormsecurity.org/files/104858/stunnel-4.43.tar.gz http://packetstormsecurity.org/files/104858/Stunnel-SSL-Wrapper-4.43.html Thu, 08 Sep 2011 01:24:57 GMT Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. http://packetstormsecurity.org/files/104202/RHSA-2011-1187-01.txt http://packetstormsecurity.org/files/104202/RHSA-2011-1187-01.txt http://packetstormsecurity.org/files/104202/Red-Hat-Security-Advisory-2011-1187-01.html Fri, 19 Aug 2011 01:53:33 GMT Red Hat Security Advisory 2011-1187-01 - Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from downloading the message successfully and possibly leading to the corruption of their mailbox. Users of dovecot are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the dovecot service will be restarted automatically.