IMAP: Wu-IMAPd Partial Mailbox Attribute Buffer Overflow
This signature detects attempts to exploit a known vulnerability against Washington University wu-imapd 2000.287 running on linux/x86. Attackers can send a maliciously crafted mailbox attribute in a request to execute arbitrary code on the host; however, a valid IMAP username and login are still required.
Extended Description
Wu-imapd is vulnerable to a buffer overflow condition. This has been reported to occur when a valid user requests partial mailbox attributes. Exploitation may result in the execution of arbitrary code as the server process. An attacker may also be able to crash the server, resulting in a denial of service condition. This only affects versions of imapd with legacy RFC 1730 support, which is disabled by default in imapd 2001.313 and imap-2001.315.
Affected Products
Washington_university wu-imapd
Short Name
IMAP:OVERFLOW:WUIMAPD-PART-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
IMAP
Keywords
Attribute Buffer CVE-2002-0379 Mailbox Overflow Partial Wu-IMAPd bid:4713
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Washington_university
CVSS Score
7.5