IMAP pop-2d POP Daemon FOLD Command Remote Overflow

Critical Nessus Plugin ID 10130


The remote IMAP server is affected by a buffer overflow vulnerability.


The imap suite provided with Debian GNU/Linux 2.1 contains a buffer overflow in its POP-2 daemon, which is found in the ipopd package. This vulnerability allows an attacker to gain a shell as user 'nobody', but requires the attacker to have a valid pop2 account.


Upgrade to imap-4.5 or later as this reportedly fixes the issue.

Plugin Details

Severity: Critical

ID: 10130

File Name: ipop2d.nasl

Version: $Revision: 1.32 $

Type: remote

Published: 1999/06/22

Modified: 2011/03/11

Dependencies: 10870, 17975

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:C

Vulnerability Information

Required KB Items: pop2/password

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1999/05/26

Reference Information

CVE: CVE-1999-0920

BID: 283

OSVDB: 104