Vulnerability Development mailing list archives
WU-imap server buffer overflow condition
From: Marcell Fodor <m.fodor () mail datanet hu>
Date: 10 May 2002 14:08:58 -0000
Wu-imapd is an easy to set-up IMAP daemon created and distributed by Washington University. Malicious user is able to construct a malformed request which will overflow an internal buffer, and run code on the server with uid/gid of the e-mail owner. The vulnerability mainly affects free e-mail providers/mail servers where the user has no shell access to the system. The buffer overflow may happen when the user ask for fetching partial mailbox attributes. more on my website: http://mantra.freeweb.hu
Current thread:
- WU-imap server buffer overflow condition Marcell Fodor (May 10)