[luau] SECURITY: UW IMAP server remote exploit

Warren Togami warren at togami.com
Fri May 24 15:21:01 PDT 2002


FYI, if you are running UW IMAP server on just about any Linux or Unix
distribution, please check and patch your server.

https://rhn.redhat.com/network/errata/errata_details.pxt?eid=1078

Security Advisory - RHSA-2002:092-11
------------------------------------------------------------------------------
Summary:
Buffer overflow in UW imap daemon

The UW imap daemon contains a buffer overflow which allows a 
logged in, remote user to execute commands on the server 
with the user's UID/GID.

Description:
UW imapd is an IMAP daemon from the University of Washington.  Version
2000c and previous versions have a bug that allows a malicious user to
construct a malformed request which overflows an internal buffer,
enabling that user to execute commands on the server with the user's
UID/GID. 

To exploit this problem the user has to have successfully authenticated
to the imapd service.  Therefore, this vulnerability mainly affects free
email providers or mail servers where the user has no shell access to
the system.
On other systems, in which the user already has shell access, users can
already run commands under their own UIDs/GIDs.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0379 to this issue.

Users of imapd are advised to upgrade to these errata packages
containing version 2001a of imapd. They are not vulnerable to this
issue.

References:
http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529





More information about the LUAU mailing list