Vulnerabilities > CVE-2002-0379 - Remote Buffer Overflow vulnerability in Wu-imapd Partial Mailbox Attribute
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Exploit-Db
description Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2). CVE-2002-0379. Remote exploit for linux platform id EDB-ID:21443 last seen 2016-02-02 modified 2002-05-10 published 2002-05-10 reporter 0x3a0x29 crew source https://www.exploit-db.com/download/21443/ title Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability 2 description Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1). CVE-2002-0379. Remote exploit for linux platform id EDB-ID:21442 last seen 2016-02-02 modified 2002-05-10 published 2002-05-10 reporter korty source https://www.exploit-db.com/download/21442/ title Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability 1
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-034.NASL description A buffer overflow was discovered in the imap server that could allow a malicious user to run code on the server with the uid and gid of the email owner by constructing a malformed request that would trigger the buffer overflow. However, the user must successfully authenticate to the imap service in order to exploit it, which limits the scope of the vulnerability somewhat, unless you are a free mail provider or run a mail service where users do not already have shell access to the system. last seen 2020-06-01 modified 2020-06-02 plugin id 13940 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13940 title Mandrake Linux Security Advisory : imap (MDKSA-2002:034) NASL family Gain a shell remotely NASL id IMAP_BODY_OVERFLOW.NASL description The remote version of UW-IMAP is vulnerable to a buffer overflow condition that could allow an authenticated attacker to execute arbitrary code on the remote host with the privileges of the IMAP server. last seen 2020-06-01 modified 2020-06-02 plugin id 10966 published 2002-05-29 reporter This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10966 title University of Washington imap Server (uw-imapd) BODY Request Remote Overflow
Redhat
| advisories |
|
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-021.0.txt
- http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000487
- http://marc.info/?l=bugtraq&m=102107222100529&w=2
- http://online.securityfocus.com/advisories/4167
- http://www.iss.net/security_center/static/9055.php
- http://www.kb.cert.org/vuls/id/961489
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-034.php
- http://www.linuxsecurity.com/advisories/other_advisory-2120.html
- http://www.redhat.com/support/errata/RHSA-2002-092.html
- http://www.securityfocus.com/bid/4713
- http://www.washington.edu/imap/buffer.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10803