Info

Disclosure

Apr 19, 2000

Discovery

Unknown

Dates

Exploit

Apr 19, 2000

Solution

Unknown

Description

imap-uw contains a flaw that may allow a local denial of service. The problem is that the popd daemon creates lock files with predictable names, which could allow a malicious user to lock mailboxes of other users.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

University of Washington	imap-uw	4.5
		4.5-4

References

Bugtraq ID: 1132
CVE ID: 2000-1197 (see also: NVD)
ISS X-Force ID: 4335
Vendor Specific Advisory URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:15.imap-uw.asc
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-04/0128.html
http://archives.neohapsis.com/archives/bugtraq/2000-04/0151.html
Vendor URL: http://www.washington.edu/imap/

Credit

Alex Mottram - alexnet-connect.net -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

University of Washington

imap-uw

References

Credit