Note: The red stoplight on this page indicates the highest possible severity level for this category of vulnerabilities. The severity level in this instance is indicated by the colored dot next to the link to this tutorial on the previous page.
POP (Post Office Protocol) was designed to support offline mail processing. That is, the client connects to the server to download mail that the server is holding for the client. The mail is deleted from the server and is handled offline (locally) on the client machine.
Vulnerable versions of IMAP include the University of Washington implementations prior to IMAP4rev1 version 10.234, and all beta versions of IMAP4rev1.
2/26/01
In addition to the above vulnerability, which allows remote root access, another buffer overflow exists in the processing of the LSUB command. This vulnerability could allow any user with an e-mail account on the system to gain a user shell. Once a user shell is obtained, arbitrary commands could be executed with the privileges of the user's account.
Versions of IMAP4rev1 prior to 2000.287 are affected by this vulnerability.
Until you can take one of the above actions, temporarily disable the IMAP service. On many systems, you will need to edit the /etc/inetd.conf file. However, you should check your vendor's documentation because systems vary in file location and the exact changes required (for example, sending the inetd process a HUP signal or killing and restarting the daemon). If you are not able to temporarily disable the IMAP service, then you should at least limit access to the vulnerable services to machines in your local network. This can be done by installing TCP wrappers, not only for logging but also for access control. Note: Even with access control via TCP wrappers, you are still vulnerable to attacks from hosts that are allowed to connect to the vulnerable IMAP service.
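The two temporary measures described above, as an added example that is not part of the original tutorial: comment out the IMAP entries in an inetd.conf-style file, or write TCP wrappers rules that admit only the local network. The daemon name imapd, the /usr/sbin/tcpd path, the 192.168.1. prefix and the sample file are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example. File paths, the daemon name "imapd" and the network
# prefix are assumptions; run it against a copy of inetd.conf first.

# Succeeds if the file still has an uncommented imap/imap2/imap3/imaps entry.
imap_active() {
    grep -Eq '^[[:space:]]*imap[0-9s]?[[:space:]]' "$1"
}

# Comment out active IMAP entries, keeping a .bak copy; prints how many.
disable_imap() {
    conf=$1
    count=$(grep -Ec '^[[:space:]]*imap[0-9s]?[[:space:]]' "$conf" || true)
    cp "$conf" "$conf.bak"
    sed -E 's/^([[:space:]]*imap[0-9s]?[[:space:]])/#\1/' "$conf.bak" > "$conf"
    echo "$count"
}

# Fallback: allow only one network prefix to reach the wrapped daemon.
# Effective only if inetd starts imapd through tcpd.
restrict_imap() {
    allow=$1; deny=$2; net=$3
    printf 'imapd: %s\n' "$net" >> "$allow"
    printf 'imapd: ALL\n' >> "$deny"
}

# Demo on a constructed inetd.conf in a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/inetd.conf" <<'EOF'
pop3  stream tcp nowait root /usr/sbin/tcpd ipop3d
imap  stream tcp nowait root /usr/sbin/tcpd imapd
#imaps stream tcp nowait root /usr/sbin/tcpd imapd
EOF
echo "disabled: $(disable_imap "$demo_dir/inetd.conf")"
imap_active "$demo_dir/inetd.conf" || echo "no active IMAP entries remain"
restrict_imap "$demo_dir/hosts.allow" "$demo_dir/hosts.deny" "192.168.1."
rm -rf "$demo_dir"
# On the real system, make inetd re-read its configuration afterwards
# (for example a HUP signal; check the vendor documentation).
```

The functions only touch the files passed to them, so they can be rehearsed on copies before being pointed at /etc.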