Vulnerabilities > CVE-2001-0691 - Unspecified vulnerability in University of Washington Imapd 2000/2000C

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.

Vulnerable Configurations

Part Description Count
Application
University_Of_Washington
2

Nessus

NASL familyMandriva Local Security Checks
NASL idMANDRAKE_MDKSA-2001-054.NASL
descriptionSeveral buffer overflow vulnerabilities have been found in the UW-IMAP package by the authors and independent groups. These vulnerabilities can be exploited only once a user has authenticated which limits the extent of the vulnerability to a remote shell with that user
last seen2020-06-01
modified2020-06-02
plugin id13871
published2004-07-31
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/13871
titleMandrake Linux Security Advisory : imap (MDKSA-2001:054)
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2001:054. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(13871);
  script_version ("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2001-0691");
  script_xref(name:"MDKSA", value:"2001:054");

  script_name(english:"Mandrake Linux Security Advisory : imap (MDKSA-2001:054)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several buffer overflow vulnerabilities have been found in the UW-IMAP
package by the authors and independent groups. These vulnerabilities
can be exploited only once a user has authenticated which limits the
extent of the vulnerability to a remote shell with that user's
permissions. On systems where the user already has a shell, nothing
new will be provided to that user, unless the user has only local
shell access. On systems where the email accounts do not provide shell
access, however, the problem is much greater."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected imap and / or imap-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:imap-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2001/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"imap-2000c-4.6mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"imap-devel-2000c-4.6mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"imap-2000c-4.5mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"imap-devel-2000c-4.5mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"imap-2000c-4.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"imap-devel-2000c-4.4mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Redhat

advisories
rhsa
idRHSA-2001:094