TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
432
supplying a long, well-crafted string as the second argument to the LSUB command, it is possible to execute code on
the machine. Executing the LSUB command requires an account on the machine. In addition, privileges have been
dropped in imapd prior to the location of the buffer overrun. As such, this vulnerability would only be useful in a
scenario where a user has an account, but no shell level access. This would allow them to gain shell access.
Signature ID: 11024
Wu-imapd PARTIAL Command Buffer Overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-2002-0379 Bugtraq: 4713
Signature Description: Wu-imapd is an easy to set-up IMAP (Internet Message Access Protocol) daemon created and
distributed by Washington University. UW IMAP versions 2000c and earlier are vulnerable to a buffer overflow in
implementation of imapd.c. An authenticated attacker can construct a malicious request such as asking for PARTIAL
mailbox attribute(BODY[) with very long argument and sending it to the vulnerable server can cause the overflow and
run code on the server with uid/gid of the e-mail owner. The vulnerability is fixed in the imap-2002a release.
Administrators are advised to update the product.
Signature ID: 11025
Wu-imapd PARTIAL Command Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2002-0379 Bugtraq: 4713
Signature Description: Wu-imapd is an easy to set-up IMAP (Internet Message Access Protocol) daemon created and
distributed by Washington University. UW IMAP versions 2000c and earlier are vulnerable to a buffer overflow in
implementation of imapd.c. An authenticated attacker can construct a malicious request such as asking for PARTIAL
mailbox attribute(BODY.PEEK[) with very long argument and sending it to the vulnerable server can cause the
overflow and run code on the server with uid/gid of the e-mail owner. The vulnerability is fixed in the imap-2002a
release. Administrators are advised to update the product.
Signature ID: 11026
IMAP rename literal overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2002-0284 CVE-2000-0284 Bugtraq: 1110 Nessus: 10374,10625
Signature Description: A buffer overflow exists in University of Washington imapd 12.264. The vulnerability exists in
the RENAME command. By supplying a long, well-crafted string as the second argument to the RENAME command,
it becomes possible to execute code on the machine.Executing the RENAME command requires an account on the
machine. In addition, privileges have been dropped in imapd prior to the location of the buffer overrun. As such, this
vulnerability would only be useful in a scenario where a user has an account, but no shell level access. This would
allow them to gain shell access. Upgrade the latest version to resolve this issue.
Signature ID: 11027
IMAP RENAME Command buffer overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2004-1211
Bugtraq: 11775
Signature Description: IMAP RENAME command changes the name of a mailbox. It takes arguments as a Mailbox
name. This rule triggers when an attempt is made to exploit a buffer overflow associated with an IMAP product by
using RENAME command. In this case RENAME command with argument length exceeding 256 bytes causes this
rule to hit. Products like David Harris Mercury Mail Transport System 4.01a are vulnerable to this type of attack.