Rapid7 Vulnerability & Exploit Database

RHSA-2002:092: Buffer overflow in UW imap daemon

Back to Search

RHSA-2002:092: Buffer overflow in UW imap daemon

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
06/25/2002
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

The UW imap daemon contains a buffer overflow which allows a logged in, remote user to execute commands on the server with the user's UID/GID. [Updated 16 April 2003] Added packages for Red Hat Linux on IBM iSeries and pSeries systems.

UW imapd is an IMAP daemon from the University of Washington. Version 2000c and previous versions have a bug that allows a malicious user to construct a malformed request which overflows an internal buffer, enabling that user to execute commands on the server with the user's UID/GID. To exploit this problem the user has to have successfully authenticated to the imapd service. Therefore, this vulnerability mainly affects free email providers or mail servers where the user has no shell access to the system. On other systems, in which the user already has shell access, users can already run commands under their own UIDs/GIDs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0379 to this issue. Users of imapd are advised to upgrade to these errata packages containing version 2001a of imapd. They are not vulnerable to this issue.

Solution(s)

  • redhat-upgrade-imap
  • redhat-upgrade-imap-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;