OSVDB ID: 19856 Title: UW-imapd Netmailbox Name mail_valid_net_parse_work() Function Overflow |
Info |
|
|
Dates |
||||
|
|
Description |
A remote overflow exists in UW-imapd. The mail_valid_net_parse_work() function in 'src/c-client/mail.c' fails to properly validate the user-supplied mailbox name resulting in a stack overflow. With a specially crafted request, a remote authenticated attacker can cause arbitrary code execution resulting in a loss of integrity. |
Classification |
Location:
Remote/Network Access Required
Attack Type: Input Manipulation Impact: Loss of Integrity Exploit: Exploit Unknown |
Solution |
Upgrade to version imap-2004g or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
Products |
|
Credit |
|
hotpop.com -