UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
| wuimapd-partial-mailbox-bo (9055) |  High Risk |
Description:
UW IMAP (wu-imapd) is vulnerable to a buffer overflow. A remote attacker with a valid user account could request partial mailbox attributes to overflow a buffer and execute arbitrary commands on the system or cause the server to crash.
Consequences:
Gain Access
Remedy:
Apply the patch for this vulnerability included in the BugTraq Mailing List posting dated May 11 2002 12:34AM. See References.
For Caldera OpenLinux 3.1 and 3.1.1 (Server and Workstation):
Upgrade to the latest version of imap (2000-14 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2002-021.0. See References.
For Conectiva Linux 6.0:
Upgrade to the latest version of imap (2000c-10U60_3cl or later), as listed in Conectiva Linux Security Announcement CLA-2002:487. See References.
For Conectiva Linux 7.0:
Upgrade to the latest version of imap (2000c-10U70_3cl or later), as listed in Conectiva Linux Security Announcement CLA-2002:487. See References.
For Conectiva Linux 8.0:
Upgrade to the latest version of imap (2000c-12U8_2cl or later), as listed in Conectiva Linux Security Announcement CLA-2002:487. See References.
For Mandrake Linux 7.1 and Corporate Server 1.0.1:
Upgrade to the latest version of imap (2000c-4.9mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:034 : imap. See References.
For Mandrake Linux 7.2:
Upgrade to the latest version of imap (2000c-4.8mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:034 : imap. See References.
For Mandrake Linux 8.0:
Upgrade to the latest version of imap (2000c-4.7mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:034 : imap. See References.
For Mandrake Linux 8.1:
Upgrade to the latest version of imap (2000c-7.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:034 : imap. See References.
For Mandrake Linux 8.2:
Upgrade to the latest version of imap (2001a-5.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2002:034 : imap. See References.
For Red Hat Linux:
Upgrade to the latest imap package, as listed below. Refer to RHSA-2002:092-13 for more information. See References.
Red Hat 6.2: 2001a-1.62.0 or later
Red Hat 7.0: 2001a-1.70.0 or later
Red Hat 7.1, 7.1for iSeries, 7.1 for pSeries: 2001a-1.71.0 or later
Red Hat 7.2: 2001a-1.72.0 or later
For HP Secure OS software for Linux Release 1.0:
Apply the RHSA-2002:092 RPMs, as listed in Hewlett-Packard Company Security Advisory HPSBTL0205-043. See References.
For EnGarde Secure Linux Community Edition:
Upgrade to the latest version of imap (2000c-1.0.23 or later), as listed in EnGarde Secure Linux Security Advisory ESA-20020607-013. See References.
For Debian GNU/Linux:
Upgrade to the latest cyrus-imapd package, as listed below. Refer to DSA-215- for more information. See References.
Debian GNU/Linux 2.2 (potato): 1.5.19-2.2 or later
Debian GNU/Linux 3.0 (woody): 1.5.19-9.1or later
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- BugTraq Mailing List, Fri May 10 2002 - 10:27:13 CDT: wu-imap buffer overflow condition.
- BugTraq Mailing List, Fri May 10 2002 - 19:34:58 CDT: Re: wu-imap buffer overflow condition.
- Caldera International, Inc. Security Advisory CSSA-2002-021.0: Linux: imapd buffer overflow when fetching partial mailbox attributes.
- CIAC Information Bulletin M-085: University of Washington Imapd Buffer Overflow Vulnerability.
- Conectiva Linux Announcement CLSA-2002:487: imap.
- EnGarde Secure Linux Security Advisory ESA-20020607-013: Remote buffer overflow in imap daemon.. (From LinuxSecurity archive)
- Hewlett-Packard Company Security Advisory HPSBTL0205-043: Security vulnerability in imap. (From SecurityFocus archive.)
- University of Washington Web site: UW IMAP software.
- BID-4713: Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
- CVE-2002-0379: Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
- MDKSA-2002:034: Updated imap packages fix buffer overflow vulnerability
- OSVDB ID: 790: UoW imap Server (uw-imapd) BODY Request Remote Overflow
- RHSA-2002-092: Buffer overflow in UW imap daemon
- US-CERT VU#961489: University of Washington IMAP Server vulnerable to buffer overflow after login
Platforms Affected:
- Conectiva Linux 6.0
- Conectiva Linux 7.0
- Conectiva Linux 8.0
- Debian Debian Linux 2.2
- Debian Debian Linux 3.0
- EngardeLinux Secure Linux
- HP Secure OS 1.0
- MandrakeSoft Mandrake Linux 7.1
- MandrakeSoft Mandrake Linux 7.2
- MandrakeSoft Mandrake Linux 8.0
- MandrakeSoft Mandrake Linux 8.1
- MandrakeSoft Mandrake Linux 8.2
- MandrakeSoft Mandrake Linux Corporate Server 1.0.1
- RedHat Linux 6.2
- RedHat Linux 7
- RedHat Linux 7.1
- RedHat Linux 7.1 for iSeries
- RedHat Linux 7.1 for pSeries
- RedHat Linux 7.2
- RedHat Linux 7.3
- SCO Caldera OpenLinux Server 3.1
- SCO Caldera OpenLinux Server 3.1.1
- SCO Caldera OpenLinux Workstation 3.1
- SCO Caldera OpenLinux Workstation 3.1.1
- University of Washington UW IMAP 2000.283
- University of Washington UW IMAP 2000.284
- University of Washington UW IMAP 2000.287
- University of Washington UW IMAP 2001.315
Reported:
May 10, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this