University of Washington imap Server (uw-imapd) BODY Request Remote Overflow

medium Nessus Plugin ID 10966


It is possible to execute arbitrary code on the remote host, through the IMAP server.


The remote version of UW-IMAP is vulnerable to a buffer overflow condition that could allow an authenticated attacker to execute arbitrary code on the remote host with the privileges of the IMAP server.


Upgrade to imap-2001a.

Plugin Details

Severity: Medium

ID: 10966

File Name: imap_body_overflow.nasl

Version: 1.23

Type: remote

Published: 5/29/2002

Updated: 4/11/2022

Configuration: Enable thorough checks

Risk Information


Risk Factor: Medium

Score: 6.3


Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:university_of_washington:uw-imap:2000.283, cpe:/a:university_of_washington:uw-imap:2000.284, cpe:/a:university_of_washington:uw-imap:2000.287, cpe:/a:university_of_washington:uw-imap:2000.315

Excluded KB Items: imap/false_imap

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/10/2002

Reference Information

CVE: CVE-2002-0379

BID: 4713