CVE-2004-0224

Description

Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."

Affected products

• double_precision_incorporated / courier_mta0.43 – 0.43
• double_precision_incorporated / courier_mta0.43.1 – 0.43.1
• double_precision_incorporated / courier_mta0.43.2 – 0.43.2
• double_precision_incorporated / courier_mta0.44 – 0.44
• double_precision_incorporated / courier_mta0.44.2 – 0.44.2
• double_precision_incorporated / sqwebmail3.5.2 – 3.5.2
• double_precision_incorporated / sqwebmail3.5.3 – 3.5.3
• double_precision_incorporated / sqwebmail3.6.1 – 3.6.1
• double_precision_incorporated / sqwebmail3.6.2 – 3.6.2
• double_precision_incorporated / sqwebmail3.6_.0 – 3.6_.0
• gentoo / linux1.4 – 1.4
• gentoo / linux1.4 – 1.4
• gentoo / linux1.4 – 1.4
• gentoo / linux1.4 – 1.4
• inter7 / courier-imap2.1.1 – 2.1.1
• inter7 / courier-imap2.1.2 – 2.1.2
• inter7 / courier-imap2.2.0 – 2.2.0
• inter7 / courier-imap2.2.1 – 2.2.1
• inter7 / courier-imap1.6 – 1.6
• inter7 / courier-imap1.7 – 1.7
• inter7 / courier-imap2.0.0 – 2.0.0
• inter7 / courier-imap2.1 – 2.1

References

• MISChttp://sourceforge.net/project/shownotes.php?release_id=5767
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/15434
• VENDOR_ADVISORYhttp://secunia.com/advisories/11087/
• MISChttp://www.securityfocus.com/bid/9845