University of Washington imap Server (uw-imapd) BODY Request Remote Overflow

medium Nessus Plugin ID 10966

Synopsis

It is possible to execute arbitrary code on the remote host, through the IMAP server.

Description

The remote version of UW-IMAP is vulnerable to a buffer overflow condition that could allow an authenticated attacker to execute arbitrary code on the remote host with the privileges of the IMAP server.

Solution

Upgrade to imap-2001a.

Plugin Details

Severity: Medium

ID: 10966

File Name: imap_body_overflow.nasl

Version: 1.23

Type: remote

Family: Gain a shell remotely

Published: 5/29/2002

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:university_of_washington:uw-imap:2000.283, cpe:/a:university_of_washington:uw-imap:2000.284, cpe:/a:university_of_washington:uw-imap:2000.287, cpe:/a:university_of_washington:uw-imap:2000.315

Excluded KB Items: imap/false_imap

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/10/2002

Reference Information

CVE: CVE-2002-0379

BID: 4713

Detections

Analytics