Family: Gain a shell remotely --> Category: destructive_attack
UW IMAP Mailbox Name Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary : Checks for mailbox name buffer overflow in UW IMAP
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote IMAP server is prone to a buffer overflow.
Description :
The remote host appears to be running a version of the University of
Washington's IMAP daemon that is prone to a buffer overflow
vulnerability involving long mailbox names that begin with a
double-quote character. An authenticated attacker may be able to
exploit this to execute arbitrary code subject to the rights of
the user.
See also :
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities
Solution :
Upgrade to UW IMAP imap-2004g or later.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:R/C:P/A:P/I:P/B:N)