[sec-adv] Multiple IMAP Clients System Access Vulnerabilities

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Tue May 20 2003 - 07:00:54 CDT


TITLE:
Multiple IMAP Clients System Access Vulnerabilities

READ ONLINE:
http://www.secunia.com/advisories/8810/

CRITICAL:
Less critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
Eudora 5.x
Microsoft Outlook Express 6
Ximian Evolution 1.2.x
Pine 4.x
Mutt 1.x
Mozilla 1.3
Mozilla 1.4
Sylpheed 0.x
Sylpheed-Claws 0.x
c-client / UW-imapd 2002

DESCRIPTION:
Two different vulnerabilities have been identified in multiple IMAP
clients. On some systems they could be exploited to gain control of
the client system.

The first problem is that some IMAP clients fail to handle huge
literal sizes. This allows malicious servers to return a large value,
which causes an integer overflow. This could in some cases be
exploited to execute arbitrary code.

The following have all been reported to crash when attempting to
exploit this:
c-client / UW-Imapd / imap-2002b
Pine 4.53
Sylpheed 0.8.11
Sylpheed-claws
Outlook Express 6

The following have all been reported to be vulnerable in a way that
allows malicious servers to execute arbitrary code on the client
system:
Evolution 1.2.4
Mozilla 1.3 and 1.4a
Eudora 5.2.1

The second problem is that some IMAP clients don't handle huge
mailbox sizes correctly. This allows malicious IMAP servers to
overflow the allocated space.

The following have all been reported to crash when attempting to
exploit this:
mutt 1.4.1
Balsa 2.0.10

The following have all been reported to be vulnerable in a way that
allows malicious servers to execute arbitrary code on the client
system:
c-client / UW-imapd / imap-2002b
Pine 4.53
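
Added example, not part of the Secunia advisory or of any listed client's code: a bounds-checked parser for the server-supplied literal size from the first problem, written so the value cannot wrap before it reaches an allocation. The function names and the MAX_LITERAL policy are hypothetical, and the "size + 1" allocation is an assumed illustration of where such a wrap typically bites, not the confirmed bug in any of the clients above.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed client policy (hypothetical): largest literal buffered in memory. */
#define MAX_LITERAL ((size_t)64 * 1024 * 1024)

/* Parse an IMAP literal header "{<digits>}\r\n" sent by the server.
 * Returns 0 and sets *out, or -1 if malformed or larger than MAX_LITERAL. */
int parse_literal_size(const char *s, size_t *out)
{
    size_t n = 0;
    int digits = 0;
    if (*s++ != '{')
        return -1;
    for (; *s >= '0' && *s <= '9'; s++, digits++) {
        size_t d = (size_t)(*s - '0');
        /* Check before multiplying, so n * 10 + d can never wrap. */
        if (n > (MAX_LITERAL - d) / 10)
            return -1;
        n = n * 10 + d;
    }
    if (digits == 0 || s[0] != '}' || s[1] != '\r' || s[2] != '\n')
        return -1;
    *out = n;
    return 0;
}

/* Buffer for the literal plus a NUL terminator. With an unchecked size of
 * SIZE_MAX, "size + 1" wraps to 0 and the later copy overruns the heap. */
char *alloc_literal(const char *header, size_t *size)
{
    if (parse_literal_size(header, size) != 0)
        return NULL;
    return calloc(*size + 1, 1);
}

int main(void)
{
    /* Constructed literal headers; the last two are hostile sizes. */
    const char *in[] = { "{42}\r\n", "{4294967295}\r\n", "{18446744073709551615}\r\n" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++) {
        size_t n = 0;
        char *buf = alloc_literal(in[i], &n);
        printf("header %zu: %s\n", i, buf ? "accepted" : "rejected");
        free(buf);
    }
    return 0;
}
```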

SOLUTION:
Do not connect to untrusted IMAP servers. If possible, use SSL/TLS to
connect to the server to defend against Man-in-the-Middle attacks.

c-client / UW-imapd / imap-2002c is not vulnerable.

Evolution 1.3.2 beta is not vulnerable.

Mozilla 1.3.1 and 1.4x are not vulnerable.

Outlook Express will reportedly be fixed in the next Outlook Express
Service Pack.

REPORTED BY / CREDITS:
Timo Sirainen

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------