| VID |
18003 |
| Severity |
40 |
| Port |
143 |
| Protocol |
TCP |
| Class |
IMAP |
| Detailed Description |
The uw-imap server has a buffer overflow vulnerability in the code which handles the BODY command. By supplying an overly long tag to the the BODY command, an attacker may gain a shell on a target host.
Wu-imapd is an easy to set-up IMAP daemon created and distributed by Washington University.
Malicious user is able to construct a malformed request which will overflow an internal buffer, and run code on the server with uid/gid of the e-mail owner. The vulnerability mainly affects free e-mail providers/mail servers where the user has no shell access to the system.
* References:
http://online.securityfocus.com/archive/1/274821
http://www.securiteam.com/unixfocus/5UP0G1575Y.html
Affected version:
* WU-IMAP 2000.283 default install
* WU-IMAP 2000.284 default install
* WU-IMAP 2000.287 default install
* WU-IMAP 2001.315 compiled with RFC 1730 support |
| Recommendation |
Upgrade to imap-2001a or later:
ftp://ftp.cac.washington.edu/imap/ |
| Related URL |
CVE-2002-0379 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
