Perdition IMAPD IMAP Tag Remote Format String Arbitrary Code Execution

This script is Copyright (C) 2007-2011 Tenable Network Security, Inc.


Synopsis :

The remote IMAP server is affected by a format string vulnerability.

Description :

The remote IMAP service is actually a Perdition IMAP proxy.

The version of Perdition installed on the remote host appears to be
affected by a format string vulnerability in which it copies the IMAP
tag into a character buffer without first validating it and then
passes it to 'vsnprintf()' as a format string. An unauthenticated
remote attacker may be able to leverage this issue to execute
arbitrary code on the remote host subject to the permissions under
which the proxy runs, by default 'nobody'.

Note that exploiting this to actually execute code may be difficult
due to OS and compiler security features.

See also :

http://www.securityfocus.com/archive/1/483034

Solution :

Upgrade to Perdition version 1.17.1 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 27598 ()

Bugtraq ID: 26270

CVE ID: CVE-2007-5740