Buffer overflow : UW-imapd tmail and dmail BOF Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800149

Categoría: Buffer overflow

Título: UW-imapd tmail and dmail BOF Vulnerabilities - Linux

Resumen: UW-imapd is prone to buffer overflow vulnerabilities.

Descripción: Summary:
UW-imapd is prone to buffer overflow vulnerabilities.

Vulnerability Insight:
The flaws are due to boundary error in the tmail/dmail utility,
when processing overly long mailbox names composed of a username and '+'
character followed by a long string and when specifying a long folder
extension argument on the command line.

Vulnerability Impact:
Successful exploitation allows execution of arbitrary code, but requires
that the utilities are configured as a delivery backend for a mail transfer
agent allowing overly long destination mailbox names.

Affected Software/OS:
- University of Washington Alpine 2.00 and prior on Linux

- University Of Washington's imapd Versions prior to 2007d on Linux

Solution:
Update to Version 2007d.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5005
BugTraq ID: 32072
http://www.securityfocus.com/bid/32072
Bugtraq: 20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow (Google Search)
http://www.securityfocus.com/archive/1/498002/100/0/threaded
Debian Security Information: DSA-1685 (Google Search)
http://www.debian.org/security/2008/dsa-1685
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html
http://marc.info/?l=full-disclosure&m=122572590212610&w=4
http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
http://www.bitsec.com/en/rad/bsa-081103.c
http://www.bitsec.com/en/rad/bsa-081103.txt
http://www.washington.edu/alpine/tmailbug.html
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html
http://www.openwall.com/lists/oss-security/2008/11/03/3
http://www.openwall.com/lists/oss-security/2008/11/03/4
http://www.openwall.com/lists/oss-security/2008/11/03/5
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485
RedHat Security Advisories: RHSA-2009:0275
http://rhn.redhat.com/errata/RHSA-2009-0275.html
http://securitytracker.com/id?1021131
http://secunia.com/advisories/32483
http://secunia.com/advisories/32512
http://secunia.com/advisories/33142
http://secunia.com/advisories/33996
http://securityreason.com/securityalert/4570
http://www.vupen.com/english/advisories/2008/3042
XForce ISS Database: uwimapd-tmail-bo(46281)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46281

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800149
Categoría:	Buffer overflow
Título:	UW-imapd tmail and dmail BOF Vulnerabilities - Linux
Resumen:	UW-imapd is prone to buffer overflow vulnerabilities.
Descripción:	Summary: UW-imapd is prone to buffer overflow vulnerabilities. Vulnerability Insight: The flaws are due to boundary error in the tmail/dmail utility, when processing overly long mailbox names composed of a username and '+' character followed by a long string and when specifying a long folder extension argument on the command line. Vulnerability Impact: Successful exploitation allows execution of arbitrary code, but requires that the utilities are configured as a delivery backend for a mail transfer agent allowing overly long destination mailbox names. Affected Software/OS: - University of Washington Alpine 2.00 and prior on Linux - University Of Washington's imapd Versions prior to 2007d on Linux Solution: Update to Version 2007d. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5005 BugTraq ID: 32072 http://www.securityfocus.com/bid/32072 Bugtraq: 20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow (Google Search) http://www.securityfocus.com/archive/1/498002/100/0/threaded Debian Security Information: DSA-1685 (Google Search) http://www.debian.org/security/2008/dsa-1685 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html http://marc.info/?l=full-disclosure&m=122572590212610&w=4 http://www.mandriva.com/security/advisories?name=MDVSA-2009:146 http://www.bitsec.com/en/rad/bsa-081103.c http://www.bitsec.com/en/rad/bsa-081103.txt http://www.washington.edu/alpine/tmailbug.html http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html http://www.openwall.com/lists/oss-security/2008/11/03/3 http://www.openwall.com/lists/oss-security/2008/11/03/4 http://www.openwall.com/lists/oss-security/2008/11/03/5 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485 RedHat Security Advisories: RHSA-2009:0275 http://rhn.redhat.com/errata/RHSA-2009-0275.html http://securitytracker.com/id?1021131 http://secunia.com/advisories/32483 http://secunia.com/advisories/32512 http://secunia.com/advisories/33142 http://secunia.com/advisories/33996 http://securityreason.com/securityalert/4570 http://www.vupen.com/english/advisories/2008/3042 XForce ISS Database: uwimapd-tmail-bo(46281) https://exchange.xforce.ibmcloud.com/vulnerabilities/46281
Copyright	Copyright (C) 2008 Greenbone AG