Advertisement






UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability

CVE Category Price Severity
CVE-2005-2933 CWE-119 Not specified High
Author Risk Exploitation Type Date
PoC or Unknown High Remote 2005-10-06
CPE
cpe:cpe:/a:university_of_washington:uw_imap
CVSS EPSS EPSSP
CVSS:7.5/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.02 0.6

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2005100008

Below is a copy:

UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability

iDEFENSE Security Advisory 10.04.05
www.idefense.com/application/poi/display?id=313&type=vulnerabilities
October 4, 2005

I. BACKGROUND

UW-IMAP is a popular free IMAP service for Linux and UNIX systems and 
is distributed with various Linux distributions. More information can 
be found at the vendor website:

http://www.washington.edu/imap/

II. DESCRIPTION

Remote exploitation of a buffer overflow vulnerability in the University
of Washington's IMAP Server (UW-IMAP) allows attackers to execute 
arbitrary code.

The vulnerability specifically exists due to insufficient bounds
checking on user-supplied values. The mail_valid_net_parse_work() 
function in src/c-client/mail.c is responsible for obtaining and 
validating the specified mailbox name from user-supplied data. An error 
in the parsing of supplied mailbox names will continue to copy memory 
after a " character has been parsed until another " character is found 
as shown here:

long mail_valid_net_parse_work (char *name,NETMBX *mb,char *service)
{
  int i,j;
#define MAILTMPLEN 1024        /* size of a temporary buffer */
  char c,*s,*t,*v,tmp[MAILTMPLEN],arg[MAILTMPLEN];
    
   ...snip...
    
  if (t - v) {            /* any switches or port specification? */
1]  strncpy (t = tmp,v,j);    /* copy it */
    tmp[j] = '

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.