FreeBSD : up-imapproxy -- multiple vulnerabilities (927743d4-5ca9-11d9-a9e7-0001020eed82)
Medium Nessus Plugin ID 19033
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionTimo Sirainen reports :
There are various bugs in up-imapproxy which can crash it. Since up-imapproxy runs in a single process with each connection handled in a separate thread, any crash kills all the connections and stops listening for new ones.
In 64bit systems it might be possible to make it leak data (mails, passwords, ..) from other connections to attacker's connection.
However I don't think up-imapproxy actually works in any 64bit system so this is just a theoretical problem.
SolutionUpdate the affected packages.