
CVE-2020-16118: imap-handle: Do not crash on PREAUTH greeting (4e245d75) · Commits · GNOME / balsa · GitLab

In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.


Commit 4e245d75, authored Feb 16, 2020; committed by Peter Bloomfield Feb 16, 2020

imap-handle: Do not crash on PREAUTH greeting

when it hasn’t resulted in storing last-message.

* libbalsa/imap/imap-handle.c (imap_mbox_connect): do not dereference NULL ImapHandle:last_msg; (ir_preauth): parse a PREAUTH greeting the same as an OK greeting.

Fixes #23


2020-02-16 Albrecht Dreß [email protected]

imap-handle: Do not crash on PREAUTH greeting

when it hasn’t resulted in storing last-message.

* libbalsa/imap/imap-handle.c (imap_mbox_connect): do not

dereference NULL ImapHandle:last_msg;

(ir_preauth): parse PREAUTH greeting the same as OK.

Fixes https://gitlab.gnome.org/GNOME/balsa/issues/23

2020-02-07 Peter Bloomfield [email protected]

mailbox: Sort when new details about a message are found

@@ -699,7 +699,7 @@ imap_mbox_connect(ImapMboxHandle* handle)

imap_handle_disconnect(handle);

return IMAP_PROTOCOL_ERROR;

}

handle->can_fetch_body =

handle->can_fetch_body = (handle->last_msg != NULL) &&

(strncmp(handle->last_msg, "Microsoft Exchange", 18) != 0);

if((handle->tls_mode == NET_CLIENT_CRYPT_ENCRYPTED) ||

(handle->tls_mode == NET_CLIENT_CRYPT_NONE)) {
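
Review bot: In the new can_fetch_body assignment, a NULL handle->last_msg now yields can_fetch_body == false, so a server whose greeting stored no last message is treated the same as one whose message starts with "Microsoft Exchange". If the flag is only meant to exclude Exchange, consider (handle->last_msg == NULL) || (strncmp(handle->last_msg, "Microsoft Exchange", 18) != 0), or add a comment stating that disabling body fetch for an unidentified server is intended. The literal 18 is also kept in sync with the string by hand; deriving it from the literal (sizeof minus one) would avoid a silent mismatch if the string is ever edited.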

@@ -2344,9 +2344,13 @@ ir_bad(ImapMboxHandle *h)

static ImapResponse

ir_preauth(ImapMboxHandle *h)

{

if(imap_mbox_handle_get_state(h) == IMHS_CONNECTED)

imap_mbox_handle_set_state(h, IMHS_AUTHENTICATED);

return IMR_OK;

ImapResponse resp;

resp = ir_ok(h);

if ((resp == IMR_OK) && (imap_mbox_handle_get_state(h) == IMHS_CONNECTED)) {

imap_mbox_handle_set_state(h, IMHS_AUTHENTICATED);

}

return resp;

}

/* ir_bye:
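
Review bot: ir_preauth now relies on ir_ok both for its return value and for leaving the handle in IMHS_CONNECTED on failure, but nothing at the function documents that; the neighbouring ir_bye has a header comment, and this function should get one stating that a PREAUTH greeting is parsed by ir_ok and that the state moves to IMHS_AUTHENTICATED only when ir_ok returns IMR_OK. Because this transition is driven by the server's greeting alone, it is also worth confirming that the tls_mode handling in imap_mbox_connect behaves as intended when the handle is already IMHS_AUTHENTICATED at that point. Minor style point: the added lines use "if (" while the surrounding code uses "if(".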

Related news

CVE-2021-39272: NO STARTTLS

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.

CVE-2021-38370: NO STARTTLS

In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.
