IMAP pop-2d POP Daemon FOLD Command Remote Overflow

This script is Copyright (C) 1999-2011 Tenable Network Security, Inc.

Synopsis :

The remote IMAP server is affected by a buffer overflow vulnerability.

Description :

There is a buffer overflow in the imap suite provided with Debian
GNU/Linux 2.1, which has a vulnerability in its POP-2 daemon, found in
the ipopd package. This vulnerability allows an attacker to gain a
shell as user 'nobody', but requires the attacker to have a valid pop2

See also :

Solution :

Upgrade to imap-4.5 or later as this reportedly fixes the issue.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 9.5
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 10130 (ipop2d.nasl)

Bugtraq ID: 283

CVE ID: CVE-1999-0920