The UW imap daemon contains a buffer overflow which allows a logged in, remote user to execute commands on the server with the user's UID/GID. [Updated 16 April 2003] Added packages for Red Hat Linux on IBM iSeries and pSeries systems.
UW imapd is an IMAP daemon from the University of Washington. Version 2000c and previous versions have a bug that allows a malicious user to construct a malformed request which overflows an internal buffer, enabling that user to execute commands on the server with the user's UID/GID. To exploit this problem the user has to have successfully authenticated to the imapd service. Therefore, this vulnerability mainly affects free email providers or mail servers where the user has no shell access to the system. On other systems, in which the user already has shell access, users can already run commands under their own UIDs/GIDs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0379 to this issue. Users of imapd are advised to upgrade to these errata packages containing version 2001a of imapd. They are not vulnerable to this issue.