WU-imap server buffer overflow condition

[Marcell Fodor <m.fodor () mail datanet hu>]

Wu-imapd is an easy to set-up IMAP daemon created and 
distributed by Washington University. Malicious user is 
able to construct a malformed request which will overflow 
an internal buffer, and run code on the server with 
uid/gid of the e-mail owner. The vulnerability mainly 
affects free e-mail providers/mail servers where the user 
has no shell access to the system. 

The buffer overflow may happen when the user ask for 
fetching partial mailbox attributes.

more on my website: http://mantra.freeweb.hu