FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

imap-uw -- mailbox name handling remote buffer vulnerability

Affected packages
imap-uw < 2004g

Details

VuXML ID 1f6e2ade-35c2-11da-811d-0050bf27ba24
Discovery 2005-10-05
Entry 2005-10-05

FrSIRT reports:

A vulnerability has been identified in UW-IMAP, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a stack overflow error in the "mail_valid_net_parse_work()" [src/c-client/mail.c] function that does not properly handle specially crafted mailbox names containing a quote (") character, which could be exploited by authenticated remote attackers to execute arbitrary commands with the privileges of the IMAP server.

References

CVE Name CVE-2005-2933
URL http://www.frsirt.com/english/advisories/2005/1953
URL http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities
URL http://www.washington.edu/imap/documentation/RELNOTES.html