Signature Detail
Short Name |
IMAP:EXPLOIT:CMD-FORMAT-STRING |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
IMAP |
Keywords |
Command Line Format String |
Release Date |
2005/09/06 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
IMAP: Command Line Format String
This signature detects attempts to exploit format string vulnerabilities through IMAP. Attackers can send malformed commands prior to authentication. A successful attack can allow execution of arbitrary code.
Extended Description
Courier-IMAP is reported to be susceptible to a remote format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function. Successful exploitation of this issue will allow an attacker to execute arbitrary code on the affected computer with the privileges of the user that the IMAP daemon runs as. This vulnerability is exploitable prior to authentication. Courier-IMAP versions 1.6.0 through to 2.2.1 are reported vulnerable. Other versions may also be vulnerable.
Affected Products
- Inter7 Courier-IMAP 1.6.0
- Inter7 Courier-IMAP 1.7.0
- Inter7 Courier-IMAP 2.0.0 .0
- Inter7 Courier-IMAP 2.1.0
- Inter7 Courier-IMAP 2.1.1
- Inter7 Courier-IMAP 2.1.2
- Inter7 Courier-IMAP 2.2.0 .0
- Inter7 Courier-IMAP 2.2.1
- Inter7 Courier-IMAP 3.0.0 .0
- Inter7 Courier-IMAP 3.0.1
- Inter7 Courier-IMAP 3.0.2
- Inter7 Courier-IMAP 3.0.2 r1
References
- BugTraq: 14794
- BugTraq: 10976
- CVE: CVE-2005-2878
- CVE: CVE-2004-0777
- URL: http://www.juniper.net/security/auto/vulnerabilities/vuln1830.html
- URL: http://www.tech-faq.com/format-string-vulnerability.shtml