Univ. Of Washington imapd Buffer Overflow Vulnerabilities
BID:1110
Info
Univ. Of Washington imapd Buffer Overflow Vulnerabilities
| Bugtraq ID: | 1110 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-0284 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 16 2000 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on April 16, 2000 by Michal Zalewski <[email protected]> |
| Vulnerable: |
University of Washington imapd 12.264 University of Washington imapd 10.234 |
| Not Vulnerable: | |
Discussion
Univ. Of Washington imapd Buffer Overflow Vulnerabilities
A buffer overflow exists in imapd. The vulnerability exists in the list command. By supplying a long, well-crafted string as the second argument to the list command, it becomes possible to execute code on the machine.
Executing the list command requires an account on the machine. In addition, privileges have been dropped in imapd prior to the location of the buffer overrun. As such, this vulnerability would only be useful in a scenario where a user has an account, but no shell level access. This would allow them to gain shell access.
Overflows have also been found in the COPY, LSUB, RENAME and FIND command. All of these, like the LIST command, require a login on the machine.
A buffer overflow exists in imapd. The vulnerability exists in the list command. By supplying a long, well-crafted string as the second argument to the list command, it becomes possible to execute code on the machine.
Executing the list command requires an account on the machine. In addition, privileges have been dropped in imapd prior to the location of the buffer overrun. As such, this vulnerability would only be useful in a scenario where a user has an account, but no shell level access. This would allow them to gain shell access.
Overflows have also been found in the COPY, LSUB, RENAME and FIND command. All of these, like the LIST command, require a login on the machine.
Exploit / POC
Univ. Of Washington imapd Buffer Overflow Vulnerabilities
Exploits have been released as part of the MetaSploit Framework 2.3.
An exploit was contributed by Gabriel A. Maggiotti <[email protected]>:
Exploits have been released as part of the MetaSploit Framework 2.3.
An exploit was contributed by Gabriel A. Maggiotti <[email protected]>:
Solution / Fix
Univ. Of Washington imapd Buffer Overflow Vulnerabilities
Solution:
This is a historical vulnerability database entry. Fixes may have been released which address this issue, however they may have not been included in the database. The analyst team will be retroactively updating the information in the vulnerability report.
Solution:
This is a historical vulnerability database entry. Fixes may have been released which address this issue, however they may have not been included in the database. The analyst team will be retroactively updating the information in the vulnerability report.
References
Univ. Of Washington imapd Buffer Overflow Vulnerabilities
References:
References: