Users login

Create an account »


Users login

Home » Hacking News » University Of Washington IMAP Arbitrary File Access Vulnerability

University Of Washington IMAP Arbitrary File Access Vulnerability

by Nikola Strahija on June 4th, 2002 uw-imap is an open source Internet Message Access Protocol daemon. It is distributed and maintained by the University of Washington, and available for most operating systems including Unix, Linux, and Microsoft Windows. In configurations where users are not authorized shell access to a system, but have a valid account from which to download mail via IMAP, a user may be able to gain access to information on the server.

The feature enabled by default that allows users to view files via the IMAP daemon could result in information leakage on systems that depend on users not being able to view files on the local system. It should be noted that this feature is not documented in the literature distributed with the software.

Remote: Yes

Exploit: No

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »