Signature Detail

IMAP: Wu-IMAPd Partial Mailbox Attribute Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Washington University wu-imapd 2000.287 running on linux/x86. Attackers can send a maliciously crafted mailbox attribute in a request to execute arbitrary code on the host; however, a valid IMAP username and login are still required.

Extended Description

Wu-imapd is vulnerable to a buffer overflow condition. This has been reported to occur when a valid user requests partial mailbox attributes. Exploitation may result in the execution of arbitrary code as the server process. An attacker may also be able to crash the server, resulting in a denial of service condition. This only affects versions of imapd with legacy RFC 1730 support, which is disabled by default in imapd 2001.313 and imap-2001.315.

Affected Products

• Washington University wu-imapd 2000.0.0
• Washington University wu-imapd 2000.0.0 A
• Washington University wu-imapd 2000.0.0 b
• Washington University wu-imapd 2000.0.0 c
• Washington University wu-imapd 2001.0.0
• Washington University wu-imapd 2001.0.0 a

References

• BugTraq: 4713
• CVE: CVE-2002-0379