IMAP pop-2d POP Daemon FOLD Command Remote Overflow
Critical Nessus Plugin ID 10130
Synopsis
The remote IMAP server is affected by a buffer overflow vulnerability.

Description
The imap suite provided with Debian GNU/Linux 2.1 contains a buffer overflow in its POP-2 daemon, which is found in the ipopd package. This vulnerability allows an attacker to gain a shell as user 'nobody', but requires the attacker to have a valid pop2 account.

Solution
Upgrade to imap-4.5 or later, as this reportedly fixes the issue.