Info

Disclosure

Apr 16, 2000

Discovery

Unknown

Dates

Exploit

Apr 16, 2000

Solution

Unknown

Description

A remote overflow exists in the University of Washington IMAP server. The IMAP server fails to verify input length of arguments to the LIST, COPY, RENAME, FIND, and LSUB commands commands resulting in buffer overflows. With a specially crafted request, an attacker can cause arbitrary code execution with the privileges of the user resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to imap-2000 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

University of Washington	imap-uw	4.7
		10.234
		12.264

References

Bugtraq ID: 1110
CVE ID: 2000-0284 (see also: NVD)
ISS X-Force ID: 4338
Vendor Specific Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:14.imap-uw.asc
Generic Exploit URL: http://packetstormsecurity.org/0104-exploits/imap-lsub.pl
Mail List Post: http://www.securityfocus.com/archive/1/55450
Other Advisory URL: http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=2442
Keyword: TCP Port 143,uw-imapd,wu-imapd,imapd-wu,uow-imapd

Credit

Michal Zalewski - lcamtufdione.ids.pl - Personal page

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

University of Washington

imap-uw

References

Credit