('binary' encoding is not supported, stored as-is) Wu-imapd is an easy to set-up IMAP daemon created and distributed by Washington University. Malicious user is able to construct a malformed request which will overflow an internal buffer, and run code on the server with uid/gid of the e-mail owner. The vulnerability mainly affects free e-mail providers/mail servers where the user has no shell access to the system. The buffer overflow may happen when the user ask for fetching partial mailbox attributes. more on my website: http://mantra.freeweb.hu
This archive was generated by hypermail 2b30 : Fri May 10 2002 - 10:04:41 PDT