Vulnerable IMAP and POP Versions
Remote users may root access on systems running a vulnerable IMAP or
POP that is vulnerable to buffer overflow attacks.
Access to an account on the system is not needed to exploit this vulnerability.
IMAP provides remote access to a user's mailbox. It maintains a list
of unread as well as read messages so that a user gets the same "view" in a multiple
mail client environment.
POPis similar to IMAP but all received mail is loaded
to the mail client. That is, the client connects to the server to download mail that
the server is holding for the client. The mail is deleted from the server and is handled
offline (locally) on the client machine.
This vulnerability allows remote intruders to execute arbitrary commands under the
privleges of the process running the vulnerable IMAP server. If the
vulnerable IMAP server is running as root, remote intruders can gain root access.
Install a patch from your vendor or upgrade to the
of IMAP. If your POP server is based on the University
of Washington IMAP server code, you should also upgrade to the
version of IMAP.
Until you can take one of the above actions, temporarily disable the POP
and IMAP services. On many systems, you will need to edit the
/etc/inetd.conf file. However, you should check your vendor's
documentation because systems vary in file location and the exact changes required
(for example, sending the inetd process a HUP signal or killing and
restarting the daemon).
Where can I read more about this?
Read more about this vulnerability in
CERT Advisory 97.09,
CERT Advisory 98.08, and
CERT Advisory 98.09.