
Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability

by Nikola Strahija on December 28th, 2002

Wu-imapd is vulnerable to a buffer overflow condition. This has been reported to occur when a valid user requests partial mailbox attributes. Exploitation may result in the execution of arbitrary code as the server process. An attacker may also be able to crash the server, resulting in a denial of service condition.

This only affects versions of imapd built with legacy RFC 1730 (IMAP4, the predecessor of IMAP4rev1) support, which is disabled by default in imapd 2001.313 and imap-2001.315.

Exploit:
http://online.securityfocus.com/data/vulnerabilities/exploits/uw-imap.c
http://online.securityfocus.com/data/vulnerabilities/exploits/0x3a0x29wuim.c

Solution:

Washington University has provided a patch. To see whether you are running a vulnerable version of imapd, run imapd (or connect to it) and give the command "x capability". Vulnerable versions display "IMAP4" as the first word after "CAPABILITY"; all others are not vulnerable.
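The capability check described above, written out as an added example (not code from the advisory or from Washington University): it parses the untagged CAPABILITY reply and reports whether IMAP4 is the first capability word. The two sample replies are constructed for illustration, and check_server is a hypothetical helper for running the same test against a server you administer.

```python
import socket

# Constructed sample replies to "x capability" (illustrative, not captured from a real host).
LEGACY_REPLY = (
    "* CAPABILITY IMAP4 IMAP4REV1 NAMESPACE IDLE SCAN SORT AUTH=LOGIN\r\n"
    "x OK CAPABILITY completed\r\n"
)
CURRENT_REPLY = (
    "* CAPABILITY IMAP4REV1 NAMESPACE IDLE SCAN SORT AUTH=LOGIN\r\n"
    "x OK CAPABILITY completed\r\n"
)

def parse_capabilities(reply: str) -> list:
    """Return the tokens following the untagged '* CAPABILITY' line, or [] if absent."""
    for raw in reply.splitlines():
        parts = raw.strip().split()
        if len(parts) >= 2 and parts[0] == "*" and parts[1].upper() == "CAPABILITY":
            return parts[2:]
    return []

def advertises_legacy_imap4(reply: str) -> bool:
    """True when IMAP4 is the first word after CAPABILITY, i.e. RFC 1730 support is enabled."""
    caps = parse_capabilities(reply)
    return bool(caps) and caps[0].upper() == "IMAP4"

def check_server(host: str, port: int = 143, timeout: float = 5.0):
    """Hypothetical helper: send 'x capability' to your own imapd and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        f = sock.makefile("rwb", buffering=0)
        f.readline()                      # discard the server greeting (banner)
        f.write(b"x capability\r\n")
        lines = []
        while True:
            line = f.readline()
            if not line:
                break
            lines.append(line.decode("ascii", "replace"))
            if line.startswith(b"x "):    # tagged completion of our command
                break
    reply = "".join(lines)
    return advertises_legacy_imap4(reply), reply

if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY_REPLY), ("current", CURRENT_REPLY)):
        verdict = "vulnerable build" if advertises_legacy_imap4(sample) else "not affected"
        print(name, "->", verdict)
```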

HP has recommended applying the available fixes for Red Hat Linux to HP Secure OS 1.0.

Vendor fixes:

Washington University wu-imapd 2000.0 c:

Washington University Upgrade imapd-current
ftp://ftp.cac.washington.edu/mail/imap.tar.Z

EnGarde Secure Linux RPM imap-2000c-1.0.24.i386.rpm
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i386/imap-2000c-1.0.24.i386.rpm

EnGarde Secure Linux RPM imap-2000c-1.0.24.i686.rpm
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i686/imap-2000c-1.0.24.i686.rpm

EnGarde Secure Linux RPM imap-2000c-1.0.24.src.rpm
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/SRPMS/imap-2000c-1.0.24.src.rpm

Conectiva RPM imap-2000c-10U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/imap-2000c-10U60_3cl.i386.rpm

Conectiva RPM imap-2000c-10U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imap-2000c-10U70_3cl.i386.rpm

Conectiva RPM imap-2000c-12U8_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/imap-2000c-12U8_2cl.i386.rpm

Conectiva RPM imap-devel-2000c-10U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/imap-devel-2000c-10U60_3cl.i386.rpm

Conectiva RPM imap-devel-2000c-10U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imap-devel-2000c-10U70_3cl.i386.rpm

Conectiva RPM imap-devel-2000c-12U8_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/imap-devel-2000c-12U8_2cl.i386.rpm

Conectiva RPM imap-devel-static-2000c-10U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/imap-devel-static-2000c-10U60_3cl.i386.rpm

Conectiva RPM imap-devel-static-2000c-10U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imap-devel-static-2000c-10U70_3cl.i386.rpm

Conectiva RPM imap-devel-static-2000c-12U8_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/imap-devel-static-2000c-12U8_2cl.i386.rpm

Conectiva RPM imap-doc-2000c-10U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/imap-doc-2000c-10U60_3cl.i386.rpm

Conectiva RPM imap-doc-2000c-10U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imap-doc-2000c-10U70_3cl.i386.rpm

Conectiva RPM imap-doc-2000c-12U8_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/imap-doc-2000c-12U8_2cl.i386.rpm

Washington University wu-imapd 2000.0 b:

MandrakeSoft RPM imap-2000c-4.9mdk.i586.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/7.1/RPMS/imap-2000c-4.9mdk.i586.rpm

MandrakeSoft RPM imap-devel-2000c-4.9mdk.i586.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/7.1/RPMS/imap-devel-2000c-4.9mdk.i586.rpm

MandrakeSoft RPM imap-2000c-4.8mdk.i586.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/7.2/RPMS/imap-2000c-4.8mdk.i586.rpm

MandrakeSoft RPM imap-devel-2000c-4.8mdk.i586.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/7.2/RPMS/imap-devel-2000c-4.8mdk.i586.rpm

MandrakeSoft RPM imap-2000c-4.7mdk.i586.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/8.0/RPMS/imap-2000c-4.7mdk.i586.rpm

MandrakeSoft RPM imap-devel-2000c-4.7mdk.i586.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/8.0/RPMS/imap-devel-2000c-4.7mdk.i586.rpm

MandrakeSoft RPM imap-2000c-4.7mdk.ppc.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/ppc/8.0/RPMS/imap-2000c-4.7mdk.ppc.rpm

MandrakeSoft RPM imap-devel-2000c-4.7mdk.ppc.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/ppc/8.0/RPMS/imap-devel-2000c-4.7mdk.ppc.rpm

MandrakeSoft RPM imap-2000c-7.1mdk.i586.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/8.1/RPMS/imap-2000c-7.1mdk.i586.rpm

MandrakeSoft RPM imap-devel-2000c-7.1mdk.i586.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/8.1/RPMS/imap-devel-2000c-7.1mdk.i586.rpm

MandrakeSoft RPM imap-2000c-7.1mdk.ia64.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/ia64/8.1/RPMS/imap-2000c-7.1mdk.ia64.rpm

MandrakeSoft RPM imap-devel-2000c-7.1mdk.ia64.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/ia64/8.1/RPMS/imap-devel-2000c-7.1mdk.ia64.rpm

MandrakeSoft RPM imap-2001a-5.1mdk.i586.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/8.2/RPMS/imap-2001a-5.1mdk.i586.rpm

MandrakeSoft RPM imap-devel-2001a-5.1mdk.i586.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/8.2/RPMS/imap-devel-2001a-5.1mdk.i586.rpm

MandrakeSoft RPM imap-2001a-5.1mdk.ppc.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/ppc/8.2/RPMS/imap-2001a-5.1mdk.ppc.rpm

MandrakeSoft RPM imap-devel-2001a-5.1mdk.ppc.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/ppc/8.2/RPMS/imap-devel-2001a-5.1mdk.ppc.rpm

MandrakeSoft RPM imap-2000c-4.9mdk.i586.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/1.0.1/RPMS/imap-2000c-4.9mdk.i586.rpm

MandrakeSoft RPM imap-devel-2000c-4.9mdk.i586.rpm
ftp://ftp.rpmfind.net/linux/D/Mandrake/updates/1.0.1/RPMS/imap-devel-2000c-4.9mdk.i586.rpm

Washington University Upgrade imapd-current
ftp://ftp.cac.washington.edu/mail/imap.tar.Z

Washington University wu-imapd 2000.0 a:

Washington University Upgrade imapd-current
ftp://ftp.cac.washington.edu/mail/imap.tar.Z

Washington University wu-imapd 2000.0:

Washington University Upgrade imapd-current
ftp://ftp.cac.washington.edu/mail/imap.tar.Z

Caldera RPM imap-2000-14.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/imap-2000-14.i386.rpm

Caldera RPM imap-2000-14.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/imap-2000-14.i386.rpm

Caldera RPM imap-2000-14.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/imap-2000-14.i386.rpm

Caldera RPM imap-2000-14.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS/imap-2000-14.i386.rpm

Caldera RPM imap-devel-2000-14.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS/imap-devel-2000-14.i386.rpm

Caldera RPM imap-devel-2000-14.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/imap-devel-2000-14.i386.rpm

Caldera RPM imap-devel-2000-14.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS/imap-devel-2000-14.i386.rpm

Caldera RPM imap-devel-2000-14.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/imap-devel-2000-14.i386.rpm

Washington University wu-imapd 2001.0 a:

Washington University Upgrade imapd-current
ftp://ftp.cac.washington.edu/mail/imap.tar.Z

Washington University Patch wuimapd2001.patch
http://downloads.securityfocus.com/vulnerabilities/patches/wuimapd2001.patch

Red Hat RPM imap-2001a-1.62.0.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/imap-2001a-1.62.0.alpha.rpm

Red Hat RPM imap-2001a-1.62.0.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/imap-2001a-1.62.0.i386.rpm

Red Hat RPM imap-2001a-1.62.0.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/imap-2001a-1.62.0.sparc.rpm

Red Hat RPM imap-2001a-1.70.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/imap-2001a-1.70.0.alpha.rpm

Red Hat RPM imap-2001a-1.70.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/imap-2001a-1.70.0.i386.rpm

Red Hat RPM imap-2001a-1.71.0.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/imap-2001a-1.71.0.alpha.rpm

Red Hat RPM imap-2001a-1.71.0.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/imap-2001a-1.71.0.i386.rpm

Red Hat RPM imap-2001a-1.71.0.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/imap-2001a-1.71.0.ia64.rpm

Red Hat RPM imap-2001a-1.72.0.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/imap-2001a-1.72.0.i386.rpm

Red Hat RPM imap-2001a-1.72.0.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/imap-2001a-1.72.0.ia64.rpm

Red Hat RPM imap-devel-2001a-1.62.0.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/imap-devel-2001a-1.62.0.alpha.rpm

Red Hat RPM imap-devel-2001a-1.62.0.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/imap-devel-2001a-1.62.0.i386.rpm

Red Hat RPM imap-devel-2001a-1.62.0.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/imap-devel-2001a-1.62.0.sparc.rpm

Red Hat RPM imap-devel-2001a-1.70.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/imap-devel-2001a-1.70.0.alpha.rpm

Red Hat RPM imap-devel-2001a-1.70.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/imap-devel-2001a-1.70.0.i386.rpm

Red Hat RPM imap-devel-2001a-1.71.0.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/imap-devel-2001a-1.71.0.alpha.rpm

Red Hat RPM imap-devel-2001a-1.71.0.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/imap-devel-2001a-1.71.0.i386.rpm

Red Hat RPM imap-devel-2001a-1.71.0.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/imap-devel-2001a-1.71.0.ia64.rpm

Red Hat RPM imap-devel-2001a-1.72.0.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/imap-devel-2001a-1.72.0.i386.rpm

Red Hat RPM imap-devel-2001a-1.72.0.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/imap-devel-2001a-1.72.0.ia64.rpm

Trustix RPM imap-2001a-2tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/imap-2001a-2tr.i586.rpm

Trustix RPM imap-2001a-2tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.1/RPMS/imap-2001a-2tr.i586.rpm

Trustix RPM imap-2001a-2tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.2/RPMS/imap-2001a-2tr.i586.rpm

Trustix RPM imap-devel-2001a-2tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.1/RPMS/imap-devel-2001a-2tr.i586.rpm

Trustix RPM imap-devel-2001a-2tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.2/RPMS/imap-devel-2001a-2tr.i586.rpm

Trustix RPM imap-devel-2001a-2tr.i586.rpm
ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/imap-devel-2001a-2tr.i586.rpm

Washington University wu-imapd 2001.0:

Washington University Upgrade imapd-current
ftp://ftp.cac.washington.edu/mail/imap.tar.Z

Washington University Patch wuimapd2001.patch
http://downloads.securityfocus.com/vulnerabilities/patches/wuimapd2001.patch
