Vulnerability: IMAP 'authenticate' Command Buffer Overflow


Post by meows » 08. March 2007 04:38

Second problem is with Mail, and being all I am running is Mercury that comes with XAMPP, it must be in there somewhere...
So the question is: how do we fix this?

Vulnerability: IMAP 'authenticate' Command Buffer Overflow Vulnerability
Qualys ID: 50014
CVE ID: CVE-1999-0005
Port: 143
The IMAP service is used to retrieve e-mail messages. The version you are using to perform this service seems to be vulnerable to a buffer overflow attack.

Unix IMAPd Versions 10.234 and prior are vulnerable. Vulnerable Operating Systems include the Linux RedHat Version 4.x series (excluding Version 4.2) and RedHat Version 5.0. Vulnerable Windows NT versions include IMAIL Version 4.06 and IMAP Version 4.

If successfully exploited, unauthorized remote users can gain Administrator privileges on Unix systems. Under Windows NT, unauthorized users can cause a denial of service on the IMAP service, and prevent authorized users from accessing their e-mail messages.

Such attacks require specific attack programs, which are freely available on the Internet. Moreover, some attack scanners integrate this vulnerability. Unauthorized users can probably penetrate this host or crash the service quickly and repeatedly.

Install an upgrade for the IMAP service, or, if it is not required, shut it down. Then, test the host to verify that the vulnerability was eliminated. In some cases, software in use for the IMAP service is not vulnerable but presents external signs of vulnerability. If this is the case, please contact our technical team.

For more information about this vulnerability, and for a list of responses from various vendors, read CERT Advisory CA-98-09.imapd. This advisory contains more information about specific fixes.
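An added example, not part of the original post or the quoted scan report: one way to triage a finding like this is to read the greeting the service sends on port 143 and compare it with the version range the report names ("Unix IMAPd Versions 10.234 and prior"). The `triage_greeting` helper, the sample greeting lines and the assumed `v<major>.<minor>` banner token are constructed for illustration.

```python
import re

# Threshold taken from the scan report quoted in the post:
# "Unix IMAPd Versions 10.234 and prior are vulnerable."
REPORTED_MAX_VULNERABLE = (10, 234)

# Assumption: the Unix IMAPd greeting carries a "v<major>.<minor>" token
# directly after the protocol name. Other products word their banner differently.
UNIX_IMAPD_STYLE = re.compile(r"\bIMAP4(?:rev1)?\s+v(\d+)\.(\d+)\b", re.IGNORECASE)

# RFC 3501: the server greeting is an untagged OK, PREAUTH or BYE response.
GREETING = re.compile(r"^\*\s+(OK|PREAUTH|BYE)\b\s*(.*)$", re.IGNORECASE)


def triage_greeting(line: str) -> dict:
    """Classify one IMAP greeting (the first line a server sends on port 143)."""
    match = GREETING.match(line.strip())
    if not match:
        return {"status": "not-imap", "detail": "no untagged greeting"}
    text = match.group(2)
    version_token = UNIX_IMAPD_STYLE.search(text)
    if not version_token:
        # Different product or hidden version: the report's version rule does
        # not apply, so the finding has to be checked against that vendor's fixes.
        return {"status": "unknown-product", "detail": text}
    version = (int(version_token.group(1)), int(version_token.group(2)))
    if version <= REPORTED_MAX_VULNERABLE:
        return {"status": "in-reported-range", "version": version}
    return {"status": "above-reported-range", "version": version}


# Constructed greeting lines (not captured from any real host).
SAMPLES = [
    "* OK mail.example.test IMAP4rev1 v10.234 server ready",
    "* OK mail.example.test IMAP4rev1 v12.264 server ready",
    "* OK mail.example.test IMAP4rev1 ExampleMailer/32 v4.01 ready",
    "220 mail.example.test ESMTP ready",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage_greeting(sample))
```

A greeting is only what the server reports about itself, so treat the result as a triage hint and confirm the installed version on the host before closing the finding.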
