UoW imapd (UW-IMAP) Multiple Command Remote Overflows

high Nessus Plugin ID 10625

Synopsis

The remote IMAP server is affected by multiple remote buffer overflow vulnerabilities.

Description

The remote host appears to be running UoW IMAP Server. The installed version is affected by a buffer overflow vulnerability because the software fails to verify input length of arguments to the 'LIST', 'COPY', 'RENAME', 'FIND', 'LSUB' commands. An attacker, exploiting this flaw could execute arbitrary commands subject to the privileges of the connected user.

Solution

Upgrade to imap-2000 or higher, as this reportedly fixes the issue.

See Also

https://seclists.org/bugtraq/2000/Apr/63

https://seclists.org/bugtraq/2000/Apr/74

https://packetstormsecurity.com/0104-exploits/imap-lsub.pl

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=2442

Plugin Details

Severity: High

ID: 10625

File Name: imap4_rev1_overflow.nasl

Version: 1.29

Type: remote

Published: 3/1/2001

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: imap/false_imap

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/16/2000

Exploitable With

Metasploit (UoW IMAP Server LSUB Buffer Overflow)

Reference Information

CVE: CVE-2000-0284

BID: 1110