University of Washington imap Server (uw-imapd) BODY Request Remote Overflow

This script is Copyright (C) 2002-2012 Tenable Network Security, Inc.


Synopsis :

It is possible to execute arbitrary code on the remote host, through the
IMAP server.

Description :

The remote version of UW-IMAP is vulnerable to a buffer overflow condition
that could allow an authenticated attacker to execute arbitrary code on the
remote host with the privileges of the IMAP server.

Solution :

Upgrade to imap-2001a.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 10966 (imap_body_overflow.nasl)

Bugtraq ID: 4713

CVE ID: CVE-2002-0379