UW-imapd Tmail And Dmail BOF Vulnerabilities (Linux) Network Vulnerability

Summary

The host has UW-imapd installed and is prone to Buffer Overflow vulnerabilities.

Impact

Successful exploitation allows execution of arbitrary code, but requires that the utilities are configured as a delivery backend for a mail transfer agent allowing overly long destination mailbox names. Impact Level: Application

Solution

Update to Version 2007d. http://www.washington.edu/imap/ http://www.washington.edu/alpine/tmailbug.html

Insight

The flaws are due to boundary error in the tmail/dmail utility, when processing overly long mailbox names composed of a username and '+' character followed by a long string and when specifying a long folder extension argument on the command line.

Affected

University of Washington Alpine 2.00 and priror on Linux. University Of Washington's imapd Versions prior to 2007d on Linux.

References

http://secunia.com/advisories/32483
http://www.washington.edu/alpine/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5005
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe PageMaker Font Structure Multiple BOF Vulnerabilities
Cyrus SASL Remote Buffer Overflow Vulnerability
Buffer overflow in Apple Quicktime Player
Amarok Player Multiple Vulnerabilities
Adobe Reader Multiple BOF Vulnerabilities - Jun09 (Linux)

UW-imapd tmail and dmail BOF Vulnerabilities (Linux)

Take action and discover your vulnerabilities