Perdition IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
High Nessus Plugin ID 27598
SynopsisThe remote IMAP server is affected by a format string vulnerability.
DescriptionThe remote IMAP service is actually a Perdition IMAP proxy.
The version of Perdition installed on the remote host appears to be affected by a format string vulnerability in which it copies the IMAP tag into a character buffer without first validating it and then passes it to 'vsnprintf()' as a format string. An unauthenticated remote attacker may be able to leverage this issue to execute arbitrary code on the remote host subject to the permissions under which the proxy runs, by default 'nobody'.
Note that exploiting this to actually execute code may be difficult due to OS and compiler security features.
SolutionUpgrade to Perdition version 1.17.1 or later.