WorldMail IMAP Server Directory Traversal Arbitrary Spool Access

High Nessus Network Monitor Plugin ID 3299

Synopsis

The remote host is vulnerable to a buffer overflow and a directory traversal flaw.

Description

The remote host is running Eudora WorldMail, a commercial email server for Windows. This version of Worldmail is vulnerable to a remote buffer overflow due to the way that it processes commands with multiple '}' characters. An attacker exploiting this flaw would be able to execute arbitrary code on the target machine. In addition, the IMAP server bundled with the version of WorldMail installed on the remote host fails to filter directory traversal sequences from mailbox names and fails to restrict access to mailboxes within its spool area. An authenticated attacker can exploit these issues to read and manage the messages of other users on the affected application as well as move arbitrary folders on the affected system. Such attacks could result in the disclosure of sensitive information as well as affect the stability of the remote host itself.

Solution

No solution is known at this time.

See Also

http://www.idefense.com/application/poi/display?id=341&type=vulnerabilities

http://www.eudora.com/worldmail

Plugin Details

Severity: High

ID: 3299

Family: IMAP Servers

Published: 2005/11/17

Modified: 2016/01/15

Nessus ID: 20224

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 7.3

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:U/RC:X

Exploitable With

CANVAS (CANVAS)

Metasploit (Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow)

Reference Information

CVE: CVE-2005-4267, CVE-2005-3189

BID: 15488, 15980