VID: 18004
Severity: 40
Port: 143
Protocol: TCP
Class: IMAP
Detailed Description: A buffer overflow in the remote IMAP server allows an intruder to execute arbitrary code on this host.
All versions of the University of Washington IMAP server prior to the final (frozen, non-beta) version of imap-4.1 that support SASL server-level authentication are vulnerable. The vulnerability affects all University of Washington IMAP4rev1 servers prior to v10.234. Also, any v10.234 server that was distributed with Pine 4.0 or any imap-4.1.BETA is vulnerable.

Additionally, the vulnerability is present in other IMAP servers that use library code from the University of Washington IMAP server to handle SASL server-level authentication.

IMAP servers that share no code with the University of Washington server are not vulnerable.

* References:
http://www.cert.org/advisories/CA-98.09.imapd.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/177&type=0&nav=sec.sba
http://www.securityfocus.com/bid/130
Recommendation: Obtain and install the most recent version of your IMAP server, or the patch for it.