Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

WorldMail IMAP Server Directory Traversal Arbitrary Spool Access

High

Synopsis

The remote host is vulnerable to a buffer overflow and a directory traversal flaw.

Description

The remote host is running Eudora WorldMail, a commercial email server for Windows. This version of Worldmail is vulnerable to a remote buffer overflow due to the way that it processes commands with multiple '}' characters. An attacker exploiting this flaw would be able to execute arbitrary code on the target machine. In addition, the IMAP server bundled with the version of WorldMail installed on the remote host fails to filter directory traversal sequences from mailbox names and fails to restrict access to mailboxes within its spool area. An authenticated attacker can exploit these issues to read and manage the messages of other users on the affected application as well as move arbitrary folders on the affected system. Such attacks could result in the disclosure of sensitive information as well as affect the stability of the remote host itself.

Solution

No solution is known at this time.