ignore security and it'll go away
Showing 51 - 75 of 379 RSS Feed

IMAP Files

Stunnel SSL Wrapper 4.48
Posted Nov 27, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: FIPS-compliant OpenSSL DLLs are supplied with the Windows installer. FIPS mode can be disabled with the "fips = no" configuration file option. The stability of the Windows GUI was also improved.
tags | tool, arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | b2f4dddfb3415d42bf4ed8f1feb7af19
Stunnel SSL Wrapper 4.47b1
Posted Nov 8, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: This release adds Unix socket support and a new certificate verification mode to ignore the CA chain and only verify the peer certificate. It also includes some performance and scalability optimizations, and compilation bugfixes.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | e7798b04af15f950a0fd437aa7f627f1
Xplico Network Forensic Analysis Tool 0.7.0
Posted Nov 7, 2011
Authored by Gianluca Costa, Andrea de Franceschi | Site xplico.org

Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.

Changes: XI language localization, Added ICMPv6 dissector, various other dissectors improved. Updated XI to Cakephp 1.3. Many additions, features, and bug fixes added.
tags | tool, imap, forensics
systems | linux
MD5 | 0d27690e2fd8516be2441393831f4026
HP Security Bulletin HPSBOV02467 SSRT090152
Posted Nov 4, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02467 SSRT090152 - A potential security vulnerability has been identified with HP OpenVMS TCP/IP Services running POP or IMAP servers. The vulnerability could be remotely exploited to result in unauthorized access. Revision 1 of this advisory.

tags | advisory, tcp, imap
advisories | CVE-2011-3168
MD5 | 88cab91dbbca5e270c82ad34bcf8674e
Stunnel SSL Wrapper 4.45
Posted Oct 25, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: New "protocol = proxy" support was added to send the original client IP address to haproxy. This requires the accept-proxy bind option of haproxy 1.5-dev3 or later. A number of minor improvements and bugfixes were added, mostly related to Win32 GUI and compilation issues on various platforms.
tags | tool, arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | dee104214a7c13593c1053cdff9a850f
Gentoo Linux Security Advisory 201110-16
Posted Oct 23, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-16 - The Cyrus IMAP Server is affected by multiple vulnerabilities which could potentially lead to the remote execution of arbitrary code or a denial of service. Versions less than 2.4.12 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability, imap
systems | linux, gentoo
advisories | CVE-2009-2632, CVE-2011-3208, CVE-2011-3481
MD5 | 1f4a847d1bb7dad134321f46e9531e79
Mandriva Linux Security Advisory 2011-149
Posted Oct 15, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-149 - Multiple vulnerabilities has been discovered and corrected in cyrus-imapd. Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. Secunia Research has discovered a vulnerability in Cyrus IMAPd, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the authentication mechanism of the NNTP server, which can be exploited to bypass the authentication process and execute commands intended for authenticated users by sending an AUTHINFO USER command without a following AUTHINFO PASS command.

tags | advisory, remote, overflow, arbitrary, vulnerability, imap
systems | linux, mandriva
advisories | CVE-2011-3208, CVE-2011-3372
MD5 | 1e97fb5fab7bd99948d28d95d46646da
Hydra Network Logon Cracker 7.1
Posted Oct 3, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added HTTP Proxy URL enumeration module, SOCKS4/SOCKS5 proxy support with authentication, IPv6 support for SOCKS5 module, and more. Various bug fixes and enhancements.
tags | tool, web, cracker, imap
systems | cisco, unix
MD5 | 0c3a6a351cb2e233cb989f0bcdd75edf
Intercepter Sniffer 0.8.4
Posted Oct 2, 2011
Authored by Ares | Site sniff.su

0x4553-Intercepter is a WinPcap-based sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.

Changes: Added SSL Strip.
tags | tool, web, sniffer, imap, protocol
MD5 | 689722d9d85153eebdd73ab250ac292b
Ubuntu Security Notice USN-1221-1
Posted Sep 30, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1221-1 - It was discovered that mutt incorrectly verified the hostname in an SSL certificate. An attacker could trick mutt into trusting a rogue SMTPS, IMAPS, or POP3S server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.

tags | advisory, imap
systems | linux, ubuntu
advisories | CVE-2011-1429
MD5 | 92236cfa490c9a67d1e989b2f6397d43
Hydra Network Logon Cracker 7.0
Posted Sep 25, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: New main engine for hydra. Lots of bugfixes and additions.
tags | tool, web, cracker, imap
systems | cisco, unix
MD5 | 4678557f796fe86dabdb977548b0b749
Red Hat Security Advisory 2011-1317-01
Posted Sep 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1317-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user.

tags | advisory, remote, overflow, arbitrary, imap
systems | linux, redhat
advisories | CVE-2011-3208
MD5 | fb99783908201febb790117035d2c284
Stunnel SSL Wrapper 4.44
Posted Sep 19, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: Bugs in the new SNI and memory management code were fixed. Buffer overflow protection was implemented for heap allocations, and gcc buffer overflow protection was enabled for stack allocations.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | c9dd51fc02b913ce5bf7b3fc12f9cb4a
Stunnel SSL Wrapper 4.43
Posted Sep 8, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: Win32 OpenSSL DLLs were updated to version 1.0.0e. This version fixes Win32 configuration file reload. FORK and UCONTEXT threading models were corrected and thoroughly tested. Major performance optimization was performed on the logging subsystem.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | 84174925a0f2632cc5cd52b3503cf07b
Red Hat Security Advisory 2011-1187-01
Posted Aug 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1187-01 - Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from downloading the message successfully and possibly leading to the corruption of their mailbox. Users of dovecot are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the dovecot service will be restarted automatically.

tags | advisory, denial of service, imap
systems | linux, redhat, unix
advisories | CVE-2011-1929
MD5 | fca58a614fdbcdab6cdde942fa4607ca
Stunnel SSL Wrapper 4.42b2
Posted Jul 27, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: This release fixes a Windows service crash of stunnel 4.40.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | db793abd65e04ef2b5c104b30e546e8f
Stunnel SSL Wrapper 4.40
Posted Jul 24, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: A Win32 GUI menu was added to save cached peer certificate chains. The Win32 "-exit" commandline option was added to stop stunnel when it is not running as a service. File version information was added to stunnel.exe. 2048-bit DH hardcoded parameters are used as a fallback if DH parameters are not provided in stunnel.pem. The default "ciphers" value was updated to prefer ECDH. The default ECDH curve was updated to "prime256v1". Support for temporary RSA keys (used in obsolete export ciphers) was removed.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | 7606592f86610d3e0b1ab7c8cb2d3ec8
Hydra Network Logon Cracker 6.5
Posted Jul 17, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added dpl4hydra script by Roland Kessler, Greatly improved HTTP form module, Added interface support for IPv6, Added -W waittime between connects option, and more.
tags | web, imap
systems | cisco, unix
MD5 | 69a5afbbcbe3b1fdd31f9bf616480336
Stunnel SSL Wrapper 4.39
Posted Jul 7, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: A new Windows installer module was added to build a self-signed stunnel.pem. Configuration file editing and log file reopening were added to the Windows GUI. Configuration file reloading with the Windows GUI was improved.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | 853739119a8364daea750154af6d7e79
Stunnel SSL Wrapper 4.38
Posted Jun 29, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: Server Name Indication (SNI) TLS extension support was implemented for name-based virtual servers. Stunnel can now switch service section on the fly, based on the destination host name included in the Client Hello message. Numerous fixes were also added for bugs introduced in previous, experimental versions.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | de5c0478303da746f946d9c112fa7f4b
Debian Security Advisory 2258-1
Posted Jun 13, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2258-1 - It was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place. Please note that the advisory number listed in this advisory incorrectly calls it 2257-1, but it is 2258-1.

tags | advisory, imap
systems | linux, debian
advisories | CVE-2011-1926
MD5 | 53b5da26869a890a20776041e9d3f065
Red Hat Security Advisory 2011-0859
Posted Jun 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0859 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use this flaw to inject protocol commands into a victim's TLS session initialization messages. This could lead to those commands being processed by cyrus-imapd, potentially allowing the attacker to steal the victim's mail or authentication credentials. Various other issues were also addressed.

tags | advisory, imap, protocol
systems | linux, redhat
advisories | CVE-2011-1926
MD5 | 282a2dc5e3eb4630e709b008961d9b6b
Xplico Network Forensic Analysis Tool 0.6.3
Posted Jun 7, 2011
Authored by Gianluca Costa, Andrea de Franceschi | Site xplico.org

Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.

Changes: New decoding manager. WebMail scripts improved. HTTP dissector improved. Various other updates.
tags | tool, imap, forensics
systems | linux
MD5 | 91067785cc0803c85be327779fba4e38
Zero Day Initiative Advisory 11-171
Posted Jun 4, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-171 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase OneBridge Mobile Data Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iMailGatewayService server process (ECTrace.dll) which listens for encrypted requests by default on TCP port 993 (IMAP) and port 587 (SMTP). The process fails to properly sanitize malformed user string inputs before passing to the authentication logging function. By providing a specially crafted string with format specifiers this can be leveraged to trigger a format string vulnerability which can lead to arbitrary code execution in the context of the server process.

tags | advisory, remote, arbitrary, tcp, imap, code execution
MD5 | f771aa947d620a5ea4c05a84dce94675
Debian Security Advisory 2242-1
Posted May 26, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2242-1 - It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.

tags | advisory, imap
systems | linux, debian
advisories | CVE-2011-1926
MD5 | d20e8cec88afe776aee621e23ae7d78f
Page 3 of 16
Back12345Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    6 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close