UW-imapd Tmail And Dmail BOF Vulnerabilities (Linux) Network Vulnerability

Summary

The host has UW-imapd installed and is prone to Buffer Overflow vulnerabilities.

Impact

Successful exploitation allows execution of arbitrary code, but requires that the utilities are configured as a delivery backend for a mail transfer agent allowing overly long destination mailbox names. Impact Level: Application

Solution

Update to Version 2007d. http://www.washington.edu/imap/ http://www.washington.edu/alpine/tmailbug.html

Insight

The flaws are due to boundary error in the tmail/dmail utility, when processing overly long mailbox names composed of a username and '+' character followed by a long string and when specifying a long folder extension argument on the command line.

Affected

University of Washington Alpine 2.00 and priror on Linux. University Of Washington's imapd Versions prior to 2007d on Linux.

References

http://secunia.com/advisories/32483
http://www.washington.edu/alpine/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5005

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Buffer Overflow Vulnerability (Windows)
3CTftpSvc TFTP Server Long Mode Buffer Overflow Vulnerability
Apache mod_proxy content-length buffer overflow
BaoFeng Storm ActiveX Control Buffer Overflow Vulnerability
Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Windows)

UW-imapd tmail and dmail BOF Vulnerabilities (Linux)

Take action and discover your vulnerabilities