Signature Detail
Short Name |
IMAP:OVERFLOW:WUIMAPD-MBOX-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
IMAP |
Keywords |
Wu-IMAPd Mailbox Buffer Overflow |
Release Date |
2005/10/31 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
IMAP: Wu-IMAPd Mailbox Buffer Overflow
This signature detects attempts to exploit a known vulnerability against Washington University wu-imapd 2004g. Attackers can send a maliciously crafted mailbox name in a request to execute arbitrary code on the host; however a valid IMAP username and login are still required.
Extended Description
University of Washington IMAP is prone to a buffer-overflow vulnerability. This issue is exposed when the application parses mailbox names. If successful, an attacker may execute arbitrary code in the context of the server process. Note that to exploit this issue, the attacker must first authenticate to the service.
Affected Products
- Avaya Converged Communications Server 2.0.0
- Avaya CVLAN
- Avaya Integrated Management
- Avaya Interactive Response
- Avaya Intuity LX
- Avaya Message Networking
- Avaya Messaging Storage Server
- Avaya S8300 R2.0.0
- Avaya S8300 R2.0.1
- Avaya S8500 R2.0.0
- Avaya S8500 R2.0.1
- Avaya S8700 R2.0.0
- Avaya S8700 R2.0.1
- Avaya S8710 R2.0.0
- Avaya S8710 R2.0.1
- Conectiva Linux 10.0.0
- Debian Linux 3.1.0
- Debian Linux 3.1.0 Alpha
- Debian Linux 3.1.0 Amd64
- Debian Linux 3.1.0 Arm
- Debian Linux 3.1.0 Hppa
- Debian Linux 3.1.0 Ia-32
- Debian Linux 3.1.0 Ia-64
- Debian Linux 3.1.0 M68k
- Debian Linux 3.1.0 Mips
- Debian Linux 3.1.0 Mipsel
- Debian Linux 3.1.0 Ppc
- Debian Linux 3.1.0 S/390
- Debian Linux 3.1.0 Sparc
- Gentoo Linux
- Mandriva Corporate Server 2.1.0
- Mandriva Corporate Server 2.1.0 X86 64
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Linux Mandrake 10.1.0
- Mandriva Linux Mandrake 10.1.0 X86 64
- Mandriva Linux Mandrake 10.2.0
- Mandriva Linux Mandrake 10.2.0 X86 64
- Mandriva Linux Mandrake 2006.0.0
- Mandriva Linux Mandrake 2006.0.0 X86 64
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
- Red Hat Desktop 3.0.0
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 2.1 IA64
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 2.1 IA64
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 2.1 IA64
- Red Hat Enterprise Linux WS 3
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora Core1
- Red Hat Fedora Core2
- Red Hat Fedora Core3
- Red Hat Fedora Core4
- Red Hat Linux 7.3.0 I386
- Red Hat Linux 9.0.0 I386
- Red Hat Stronghold 4.0.0
- SGI ProPack 3.0.0 SP6
- Slackware Linux 10.0.0
- Slackware Linux 10.1.0
- Slackware Linux 10.2.0
- Slackware Linux 8.1.0
- Slackware Linux 9.0.0
- Slackware Linux 9.1.0
- Slackware Linux -Current
- SuSE Linux 8.0.0
- SuSE Linux 8.0.0 i386
- SuSE Linux 8.1.0
- SuSE LINUX 9.1 Personal Edition CD-ROM Null
- SuSE Linux Connectivity Server
- SuSE Linux Database Server
- SuSE Linux Desktop 1.0.0
- SuSE Linux Enterprise Server for S/390 9.0.0
- SuSE Linux Enterprise Server for S/390
- SuSE Linux Office Server
- SuSE Linux Openexchange Server
- SuSE Linux Personal 10.0.0 OSS
- SuSE Linux Personal 8.2.0
- SuSE Linux Personal 9.0.0
- SuSE Linux Personal 9.0.0 X86 64
- SuSE Linux Personal 9.1.0
- SuSE Linux Personal 9.1.0 X86 64
- SuSE Linux Personal 9.2.0
- SuSE Linux Personal 9.2.0 X86 64
- SuSE Linux Personal 9.3.0
- SuSE Linux Personal 9.3.0 X86 64
- SuSE Linux Professional 10.0.0
- SuSE Linux Professional 10.0.0 OSS
- SuSE Linux Professional 7.3.0
- SuSE Linux Professional 8.2.0
- SuSE Linux Professional 9.0.0
- SuSE Linux Professional 9.0.0 X86 64
- SuSE Linux Professional 9.1.0
- SuSE Linux Professional 9.1.0 X86 64
- SuSE Linux Professional 9.2.0
- SuSE Linux Professional 9.2.0 X86 64
- SuSE Linux Professional 9.3.0
- SuSE Linux Professional 9.3.0 X86 64
- SuSE Novell Linux Desktop 1.0.0
- SuSE Novell Linux Desktop 9.0.0
- SuSE Office Server
- SuSE Open-Enterprise-Server 9.0.0
- SuSE SUSE Linux Enterprise Server 7
- SuSE SUSE Linux Enterprise Server 8
- SuSE SUSE Linux Enterprise Server 9
- SuSE SuSE Linux Openexchange Server 4.0.0
- SuSE SUSE LINUX Retail Solution 8.0.0
- SuSE SuSE Linux School Server for i386
- SuSE SuSE Linux Standard Server 8.0.0
- Trustix Secure Enterprise Linux 2.0.0
- Trustix Secure Linux 2.2.0
- Trustix Secure Linux 3.0.0
- University of Washington imap 2001A
- University of Washington imap 2002
- University of Washington imap 2002b
- University of Washington imap 2002c
- University of Washington imap 2002D
- University of Washington imap 2002E
- University of Washington imap 2004
- University of Washington imap 2004A
- University of Washington imap 2004B
- University of Washington imap 2004C
- University of Washington imap 2004D
- University of Washington imap 2004E
- University of Washington imap 2004F
References