Info

Disclosure

Jul 17, 1998

Discovery

Unknown

Dates

Exploit

Jul 17, 1998

Solution

Unknown

Description

A remote overflow exists in the University of Washington IMAP server. The IMAP server fails to validate the argument passed to the AUTHENTICATE command resulting in a stack overflow. With a specially crafted request, an attacker can gain remote root privileges resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 12.264 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

University of Washington	imap-uw	10.234
		4.7

References

Bugtraq ID: 130
ISS X-Force ID: 1463
CVE ID: 1999-0005 (see also: NVD)
CERT: CA-1998-09
Generic Exploit URL: http://packetstormsecurity.org/new-exploits/imap3.c
Vendor Specific Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-22-00177-1
Mail List Post: http://www.securityfocus.com/archive/1/9929
CIAC Advisory: i-074
Keyword: TCP Port 143,uw-imapd,wu-imapd,imapd-wu,uow-imapd

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

University of Washington

imap-uw

References

Credit