WU-imap server buffer overflow condition

From: Marcell Fodor (m.fodorat_private)
Date: Fri May 10 2002 - 07:08:58 PDT

    Wu-imapd is an easy-to-set-up IMAP daemon created and 
    distributed by Washington University. A malicious user is 
    able to construct a malformed request which will overflow 
    an internal buffer, and run code on the server with 
    uid/gid of the e-mail owner. The vulnerability mainly 
    affects free e-mail providers/mail servers where the user 
    has no shell access to the system. 
    
    The buffer overflow may happen when the user asks to 
    fetch partial mailbox attributes.
    
    More on my website: http://mantra.freeweb.hu
    


