Detections
Analytics
WorldMail IMAP Server Directory Traversal Arbitrary Spool Access
high Nessus Network Monitor Plugin ID 3299
Synopsis
The remote host is vulnerable to a buffer overflow and a directory traversal flaw.Description
The remote host is running Eudora WorldMail, a commercial email server for Windows. This version of Worldmail is vulnerable to a remote buffer overflow due to the way that it processes commands with multiple '}' characters. An attacker exploiting this flaw would be able to execute arbitrary code on the target machine. In addition, the IMAP server bundled with the version of WorldMail installed on the remote host fails to filter directory traversal sequences from mailbox names and fails to restrict access to mailboxes within its spool area. An authenticated attacker can exploit these issues to read and manage the messages of other users on the affected application as well as move arbitrary folders on the affected system. Such attacks could result in the disclosure of sensitive information as well as affect the stability of the remote host itself.Solution
No solution is known at this time.See Also
http://www.eudora.com/worldmail
http://www.idefense.com/application/poi/display?id=341&type=vulnerabilities
Plugin Details
Severity: High
ID: 3299
Family: IMAP Servers
Published: 11/17/2005
Updated: 3/6/2019
Nessus ID: 20224
Risk Information
VPR
Risk Factor: High
Score: 7.0
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 7.3
Temporal Score: 7.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X
Vulnerability Information
CPE: cpe:/a:qualcomm:worldmail_imap_server
Exploitable With
CANVAS (CANVAS)
Metasploit (Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow)
Reference Information
CVE: CVE-2005-3189, CVE-2005-4267