WorldMail IMAP Server Directory Traversal Arbitrary Spool Access

high Nessus Network Monitor Plugin ID 3299

Synopsis

The remote host is vulnerable to a buffer overflow and a directory traversal flaw.

Description

The remote host is running Eudora WorldMail, a commercial email server for Windows. This version of Worldmail is vulnerable to a remote buffer overflow due to the way that it processes commands with multiple '}' characters. An attacker exploiting this flaw would be able to execute arbitrary code on the target machine. In addition, the IMAP server bundled with the version of WorldMail installed on the remote host fails to filter directory traversal sequences from mailbox names and fails to restrict access to mailboxes within its spool area. An authenticated attacker can exploit these issues to read and manage the messages of other users on the affected application as well as move arbitrary folders on the affected system. Such attacks could result in the disclosure of sensitive information as well as affect the stability of the remote host itself.

Solution

No solution is known at this time.

See Also

http://www.idefense.com/application/poi/display?id=341&type=vulnerabilities

http://www.eudora.com/worldmail

Plugin Details

Severity: High

ID: 3299

Family: IMAP Servers

Published: 11/17/2005

Updated: 3/6/2019

Nessus ID: 20224

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:qualcomm:worldmail_imap_server

Exploitable With

CANVAS (CANVAS)

Metasploit (Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow)

Reference Information

CVE: CVE-2005-3189, CVE-2005-4267

BID: 15488, 15980