University Of Washington IMAP Server CRAM-MD5 Remote Authentication Bypass Vulnerability
BID:12391
Info
University Of Washington IMAP Server CRAM-MD5 Remote Authentication Bypass Vulnerability
| Bugtraq ID: | 12391 |
| Class: | Design Error |
| CVE: |
CVE-2005-0198 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 28 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Mark Crispin and Hugh Sheets of the University of Washington are credited with disclosing this issue. |
| Vulnerable: |
University of Washington imap 2004b University of Washington imap 2004a University of Washington imap 2004 University of Washington imap 2002e University of Washington imap 2002d University of Washington imap 2002c University of Washington imap 2002b University of Washington imap 2002 Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Turbolinux Desktop 10.0 Turbolinux Home Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 7 SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 SuSE Linux 8.1 SuSE Linux 8.0 i386 SuSE Linux 8.0 SGI Advanced Linux Environment 3.0 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Linux 9.0 i386 Redhat Linux 7.3 i686 Redhat Linux 7.3 i386 Redhat Linux 7.3 Redhat Fedora Core1 |
| Not Vulnerable: |
University of Washington imap 2004c |
Discussion
University Of Washington IMAP Server CRAM-MD5 Remote Authentication Bypass Vulnerability
A remote authentication bypass vulnerability affects the CRAM-MD5 authentication functionality of the University of Washington IMAP server. This issue is due to a logic error that fails to properly validate authentication attempts.
It should be noted that this issue only affects servers with CRAM-MD5 authentication enabled, which is not the case by default.
A remote attacker may leverage this issue to authenticate to the affected server as any user.
A remote authentication bypass vulnerability affects the CRAM-MD5 authentication functionality of the University of Washington IMAP server. This issue is due to a logic error that fails to properly validate authentication attempts.
It should be noted that this issue only affects servers with CRAM-MD5 authentication enabled, which is not the case by default.
A remote attacker may leverage this issue to authenticate to the affected server as any user.
Exploit / POC
University Of Washington IMAP Server CRAM-MD5 Remote Authentication Bypass Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
University Of Washington IMAP Server CRAM-MD5 Remote Authentication Bypass Vulnerability
Solution:
The vendor has released an upgrade dealing with this issue.
Turbolinux has made an advisory available (TLSA-2005-32) dealing with this issue. Please see the referenced advisory for more information.
Mandrake linux has made an advisory available (MDKSA-2005:026) dealing with this issue. Please see the referenced advisory for more information.
Gentoo linux has made advisory GLSA 200502-02 available dealing with this issue. Gentoo advises that all UW IMAP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/uw-imap-2004b"
For more information please see the referenced Gentoo advisory.
Red Hat has released advisory RHSA-2005:128-06 to address this issue in Red Hat Enterprise Linux 3. Please see the advisory in Web references for more information.
SuSE has released summary report SUSE-SR:2005:006 mainly to address vulnerabilities described in other BIDs. However, in the addendum of this advisory, it is reported that fixes for the issues described in this BID are pending release. Customers are advised to see the referenced advisory for further information.
SuSE Linux has released advisory SUSE-SA:2005:012 along with fixes dealing with this issue. Please see the referenced advisory for more information.
Silicon Graphics has released advisory 20050301-01-U dealing with this and other issues for their Advanced Linux Environment packages. Please see the referenced advisories for more information.
The Fedora Legacy project has released advisory FLSA:152912 to address this issue in RedHat Linux 7.3, 9, and Fedora Core 1. Please see the referenced advisory for further information.
University of Washington imap 2002b
University of Washington imap 2004
University of Washington imap 2004a
University of Washington imap 2002
University of Washington imap 2002c
University of Washington imap 2002e
University of Washington imap 2002d
University of Washington imap 2004b
Solution:
The vendor has released an upgrade dealing with this issue.
Turbolinux has made an advisory available (TLSA-2005-32) dealing with this issue. Please see the referenced advisory for more information.
Mandrake linux has made an advisory available (MDKSA-2005:026) dealing with this issue. Please see the referenced advisory for more information.
Gentoo linux has made advisory GLSA 200502-02 available dealing with this issue. Gentoo advises that all UW IMAP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/uw-imap-2004b"
For more information please see the referenced Gentoo advisory.
Red Hat has released advisory RHSA-2005:128-06 to address this issue in Red Hat Enterprise Linux 3. Please see the advisory in Web references for more information.
SuSE has released summary report SUSE-SR:2005:006 mainly to address vulnerabilities described in other BIDs. However, in the addendum of this advisory, it is reported that fixes for the issues described in this BID are pending release. Customers are advised to see the referenced advisory for further information.
SuSE Linux has released advisory SUSE-SA:2005:012 along with fixes dealing with this issue. Please see the referenced advisory for more information.
Silicon Graphics has released advisory 20050301-01-U dealing with this and other issues for their Advanced Linux Environment packages. Please see the referenced advisories for more information.
The Fedora Legacy project has released advisory FLSA:152912 to address this issue in RedHat Linux 7.3, 9, and Fedora Core 1. Please see the referenced advisory for further information.
University of Washington imap 2002b
-
TurboLinux imap-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/imap-2002b-11.i586.rpm -
TurboLinux imap-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/imap-2002b-11.i586.rpm -
TurboLinux imap-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/imap-2002b-11.i586.rpm -
TurboLinux imap-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/imap-2002b-11.i586.rpm -
TurboLinux imap-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/imap-2002b-11.i586.rpm -
TurboLinux imap-devel-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/imap-devel-2002b-11.i586.rpm -
TurboLinux imap-devel-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/imap-devel-2002b-11.i586.rpm -
TurboLinux imap-devel-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/imap-devel-2002b-11.i586.rpm -
TurboLinux imap-devel-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/imap-devel-2002b-11.i586.rpm -
TurboLinux imap-devel-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/imap-devel-2002b-11.i586.rpm -
TurboLinux imap-libs-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/imap-libs-2002b-11.i586.rpm -
TurboLinux imap-libs-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/imap-libs-2002b-11.i586.rpm -
TurboLinux imap-libs-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/imap-libs-2002b-11.i586.rpm -
TurboLinux imap-libs-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/imap-libs-2002b-11.i586.rpm -
TurboLinux imap-libs-2002b-11.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/imap-libs-2002b-11.i586.rpm -
University of Washington UW-imap 2004c
ftp://ftp.cac.washington.edu/mail/imap.tar.Z
University of Washington imap 2004
-
Mandrake imap-2004-2.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-2004-2.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-devel-2004-2.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-devel-2004-2.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-utils-2004-2.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-utils-2004-2.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake lib64c-client-php0-2004-2.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake lib64c-client-php0-devel-2004-2.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake libc-client-php0-2004-2.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake libc-client-php0-devel-2004-2.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
University of Washington UW-imap 2004c
ftp://ftp.cac.washington.edu/mail/imap.tar.Z
University of Washington imap 2004a
-
SuSE imap-2004a-3.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/imap-2004a-3.2.i5 86.rpm -
SuSE imap-2004a-3.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/imap-2004a-3.2. x86_64.rpm -
TurboLinux imap-2004a-5.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/imap-2004a-5.i586.rpm -
TurboLinux imap-debug-2004a-5.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/imap-debug-2004a-5.i586.rpm -
TurboLinux imap-devel-2004a-5.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/imap-devel-2004a-5.i586.rpm -
University of Washington UW-imap 2004c
ftp://ftp.cac.washington.edu/mail/imap.tar.Z
University of Washington imap 2002
-
SuSE imap-2002-56.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/imap-2002-56.i586 .rpm
University of Washington imap 2002c
-
University of Washington UW-imap 2004c
ftp://ftp.cac.washington.edu/mail/imap.tar.Z
University of Washington imap 2002e
-
SuSE imap-2002e-92.4.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/imap-2002e-92.4.i 586.rpm -
SuSE imap-2002e-92.4.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/imap-2002e-92 .4.x86_64.rpm -
University of Washington UW-imap 2004c
ftp://ftp.cac.washington.edu/mail/imap.tar.Z
University of Washington imap 2002d
-
Mandrake imap-2002d-8.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-2002d-8.1.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-2002d-8.1.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-devel-2002d-8.1.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-devel-2002d-8.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-devel-2002d-8.1.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-devel-2002d-8.1.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-utils-2002d-8.1.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-utils-2002d-8.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-utils-2002d-8.1.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake imap-utils-2002d-8.1.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php -
RedHat imap-2001a-10.1.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/imap-2001a-10 .1.legacy.i386.rpm -
RedHat imap-2001a-18.1.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/9/updates/i386/imap-2001a-18.1 .legacy.i386.rpm -
RedHat imap-2002d-3.1.legacy.i386.rpm
RedHat Fedora Core 1
http://download.fedoralegacy.org/fedora/1/updates/i386/imap-2002d-3.1. legacy.i386.rpm -
RedHat imap-devel-2001a-10.1.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/imap-devel-20 01a-10.1.legacy.i386.rpm -
RedHat imap-devel-2001a-18.1.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/9/updates/i386/imap-devel-2001 a-18.1.legacy.i386.rpm -
RedHat imap-devel-2002d-3.1.legacy.i386.rpm
RedHat Fedora Core 1
http://download.fedoralegacy.org/fedora/1/updates/i386/imap-devel-2002 d-3.1.legacy.i386.rpm -
SuSE imap-2002d-59.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/imap-2002d-59.i58 6.rpm -
SuSE imap-2002d-59.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/imap-2002d-59 .x86_64.rpm -
University of Washington UW-imap 2004c
ftp://ftp.cac.washington.edu/mail/imap.tar.Z
University of Washington imap 2004b
-
University of Washington UW-imap 2004c
ftp://ftp.cac.washington.edu/mail/imap.tar.Z
References
University Of Washington IMAP Server CRAM-MD5 Remote Authentication Bypass Vulnerability
References:
References:
- RHSA-2005:128-06 - Moderate: imap security update (RedHat)
- UW IMAP Server Documentation - Release Notes (University of Washington)
- UW-IMAP Homepage (University of Washington)
- Vulnerability Note VU#702777 - UW-imapd fails to properly authenticate users (US-CERT)