MidnightBSD

Advisories for barnowl

CVE-2009-0363 HIGH

Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ktools owl 2.1.11
barnowl barnowl *
barnowl barnowl 1.0.2
barnowl barnowl 1.0.3
barnowl barnowl 1.0.4
barnowl barnowl 1.0.1
barnowl barnowl 1.0.0
barnowl barnowl 1.0.2.1
CVE-2010-0793 HIGH

Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
barnowl barnowl *
barnowl barnowl 1.4
barnowl barnowl 1.0.3
barnowl barnowl 1.0.4
barnowl barnowl 1.0.4.1
barnowl barnowl 1.3
barnowl barnowl 1.0.0
barnowl barnowl 1.0.2.1
barnowl barnowl 1.1
barnowl barnowl 1.1.1
barnowl barnowl 1.0.2
barnowl barnowl 1.2.1
barnowl barnowl 1.0.5
barnowl barnowl 1.0.1
barnowl barnowl 1.2
barnowl barnowl 1.5
CVE-2010-2725 HIGH

BarnOwl before 1.6.2 does not check the return code of calls to the (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
barnowl barnowl *
barnowl barnowl 1.4
barnowl barnowl 1.0.3
barnowl barnowl 1.0.4
barnowl barnowl 1.5.1
barnowl barnowl 1.0.4.1
barnowl barnowl 1.3
barnowl barnowl 1.0.0
barnowl barnowl 1.0.2.1
barnowl barnowl 1.1
barnowl barnowl 1.1.1
barnowl barnowl 1.0.2
barnowl barnowl 1.6
barnowl barnowl 1.2.1
barnowl barnowl 1.0.5
barnowl barnowl 1.0.1
barnowl barnowl 1.2
barnowl barnowl 1.5