The RAZOR Security Team Sponsored by BindView





VLAD The Scanner

Vulnerability Information

9.  IMAP and POP buffer overflow vulnerabilities or incorrect configuration

IMAP and POP are popular remote-access mail protocols that allow users to access their email from internal and external networks.  Multiple buffer overflows have been discovered in multiple versions of IMAP and POP servers.

Versions Affected:

CVE-1999-0005 - Netscape Messaging Server 3.55, University of Washington imapd 10.234

CVE-1999-0006 - Qualcomm qpopper 2.4

CVE-1999-0042 - University of Washington's implementation of IMAP and POP

CVE-1999-0920 - Debian Linux 2.1, RedHat Linux 5.2 i386, RedHat Linux 5.1, Standard & Poors ComStock 4.2.4, RedHat Linux 5.0,
RedHat Linux 4.2, RedHat Linux 4.1, RedHat Linux 4.0, University of Washington imap 4.4, University of Washington pop2d 4.4

CVE-2000-0091 - Inter7 vpopmail (vchkpw) 3.4.9, Inter7 vpopmail (vchkpw) 3.4.8, Inter7 vpopmail (vchkpw) 3.4.7, Inter7 vpopmail (vchkpw) 3.4.6, Inter7 vpopmail (vchkpw) 3.4.5, Inter7 vpopmail (vchkpw) 3.4.4, Inter7 vpopmail (vchkpw) 3.4.3, Inter7 vpopmail (vchkpw) 3.4.2,
Inter7 vpopmail (vchkpw) 3.4.11, Inter7 vpopmail (vchkpw) 3.4.10, Inter7 vpopmail (vchkpw) 3.4.1

CVE Entry:  CVE-1999-0005, CVE-1999-0006, CVE-1999-0042, CVE-1999-0920, CVE-2000-0091

Details:  The first issue, CVE-1999-0005, is a buffer overflow in imapd that in some cases will allow an attacker to launch commands as root.  CVE-1999-0006 is also a buffer overflow, but it affects Qualcomm qpopper version 2.4 and prior.  The third issue is a buffer overflow in the University of Washington's implementation of IMAP and POP servers.  CVE-1999-0920 is also a buffer overflow, this time in the FOLD commands.  The final issue, CVE-2000-0091, is also a buffer overflow allowing for root access.

Recommendations: Disable email services on servers that are not acting as mail servers.  Upgrade to the latest patch levels on servers that require email services.  It has also been suggested that access to email servers be controlled using TCP wrappers, and that encrypted channels such as SSH and SSL be used to protect passwords.
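
One way to check the first and third recommendations on a host that starts its mail daemons from inetd. This is an added example, not part of VLAD or the original page. The sample files, paths and rule contents are constructed, and the parser is simplified (no EXCEPT operators, option fields or IPv6 literals).

```python
# Added example: audit inetd and TCP wrapper config for exposed IMAP/POP daemons.
MAIL_SERVICES = {"imap", "imaps", "pop2", "pop-2", "pop3", "pop-3", "pop3s"}

def enabled_mail_services(inetd_conf):
    """Return (service, daemon, wrapped) for each active IMAP/POP entry."""
    found = []
    for line in inetd_conf.splitlines():
        # Fields: service socket proto wait user server-program [args...]
        fields = line.split("#", 1)[0].split()
        if len(fields) < 6 or fields[0] not in MAIL_SERVICES:
            continue
        wrapped = fields[5].endswith("/tcpd")
        # Under tcpd the first argument names the real daemon.
        daemon = fields[6] if wrapped and len(fields) > 6 else fields[5]
        found.append((fields[0], daemon.rsplit("/", 1)[-1], wrapped))
    return found

def wrapper_rules(text):
    """Parse hosts.allow or hosts.deny text into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(":")
        if len(parts) >= 2 and parts[0].strip():
            rules.append(tuple(p.replace(",", " ").split() for p in parts[:2]))
    return rules

def audit(inetd_conf, hosts_allow, hosts_deny):
    """Return (service, daemon, reason) for every mail daemon left exposed."""
    allow, deny = wrapper_rules(hosts_allow), wrapper_rules(hosts_deny)
    findings = []
    for service, daemon, wrapped in enabled_mail_services(inetd_conf):
        def hits(rules):  # a rule for this daemon that matches every client
            return any((daemon in d or "ALL" in d) and "ALL" in c for d, c in rules)
        if not wrapped:
            findings.append((service, daemon, "not started through tcpd"))
        elif hits(allow):
            findings.append((service, daemon, "hosts.allow admits ALL clients"))
        elif not hits(deny):
            findings.append((service, daemon, "no deny rule, unlisted clients pass"))
    return findings

# Constructed sample files, not taken from a real host.
SAMPLE_INETD = """\
pop-2  stream tcp nowait root /usr/sbin/ipop2d ipop2d
pop-3  stream tcp nowait root /usr/sbin/tcpd   ipop3d
imap   stream tcp nowait root /usr/sbin/tcpd   imapd
#imaps stream tcp nowait root /usr/sbin/tcpd   imapd
"""
SAMPLE_ALLOW = "ipop3d: 192.168.1.\nimapd: ALL\n"
SAMPLE_DENY = "ALL: ALL\n"
```

Calling audit(SAMPLE_INETD, SAMPLE_ALLOW, SAMPLE_DENY) flags the unwrapped pop-2 entry and the imapd rule that admits every client; the pop-3 entry, limited to one subnet behind a default deny, passes.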

Additional Information:

http://www.cert.org/advisories/CA-98.09.imapd.html

http://www.cert.org/advisories/CA-98.08.qpopper_vul.html

http://www.cert.org/advisories/CA-97.09.imap_pop.html

http://www.sans.org/topten.htm

 



Contact: info@razor.bindview.com