WorldMail IMAP Server Directory Traversal Arbitrary Spool Access

High Nessus Network Monitor Plugin ID 3299


The remote host is vulnerable to a buffer overflow and a directory traversal flaw.


The remote host is running Eudora WorldMail, a commercial email server for Windows. This version of Worldmail is vulnerable to a remote buffer overflow due to the way that it processes commands with multiple '}' characters. An attacker exploiting this flaw would be able to execute arbitrary code on the target machine. In addition, the IMAP server bundled with the version of WorldMail installed on the remote host fails to filter directory traversal sequences from mailbox names and fails to restrict access to mailboxes within its spool area. An authenticated attacker can exploit these issues to read and manage the messages of other users on the affected application as well as move arbitrary folders on the affected system. Such attacks could result in the disclosure of sensitive information as well as affect the stability of the remote host itself.


No solution is known at this time.

See Also

Plugin Details

Severity: High

ID: 3299

Family: IMAP Servers

Published: 2005/11/17

Modified: 2016/01/15

Nessus ID: 20224

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND


Base Score: 7.3

Temporal Score: 7.3


Temporal Vector: CVSS3#E:H/RL:U/RC:X

Exploitable With


Metasploit (Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow)

Reference Information

CVE: CVE-2005-4267, CVE-2005-3189

BID: 15488, 15980