CVE-2002-0379
Published 2002-06-25
Priority: P341 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 19.35% (97.0th percentile)
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| university_of_washington | uw-imap | — | — |
| university_of_washington | uw-imap | — | — |
| university_of_washington | uw-imap | — | — |
| university_of_washington | uw-imap | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
Red Hat
vendor_redhat·2002-05-10·CVSS 7.5
CVE-2002-0379 [HIGH] security flaw
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
GHSA
ghsa_unreviewed·2022-05-03
CVE-2002-0379 [HIGH] GHSA-cqq9-qgwr-48j4: Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
Suricata
suricata·2010-09-23
CVE-2002-0379 GPL IMAP EXPLOIT partial body overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"GPL IMAP EXPLOIT partial body overflow attempt"; dsize:>1092; flow:established,to_server; content:" x PARTIAL 1 BODY["; reference:bugtraq,4713; reference:cve,2002-0379; classtype:misc-attack; sid:2101780; rev:11; metadata:created_at 2010_09_23, cve CVE_2002_0379, confidence Medium, signature_severity Minor, updated_at 2024_03_08;)
Exploit-DB
exploitdb·2002-05-10
CVE-2002-0379 WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/4713/info
Wu-imapd is vulnerable to a buffer overflow condition. This has been reported to occur when a valid user requests partial mailbox attributes. Exploitation may result in the execution of arbitrary code as the server process. An attacker may also be able to crash the server, resulting in a denial of service condition.
This only affects versions of imapd with legacy RFC 1730 support, which is disabled by default in imapd 2001.313 and imap-2001.315.
/*
* http://www.freeweb.nu/mantra/05_2002/uw-imapd.html
*
* uw-imapd.c - Remote exploit for uw imapd CAPABILITY IMAP4
*
* Copyright (C) 2002 Christophe "korty" Bailleux
* Copyright (C) 2002 Kostya Kortchinsky
*
*
Exploit-DB
exploitdb·2002-05-10
CVE-2002-0379 WU-IMAPd 2000/2001 - Partial Mailbox Attribute Remote Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/4713/info
Wu-imapd is vulnerable to a buffer overflow condition. This has been reported to occur when a valid user requests partial mailbox attributes. Exploitation may result in the execution of arbitrary code as the server process. An attacker may also be able to crash the server, resulting in a denial of service condition.
This only affects versions of imapd with legacy RFC 1730 support, which is disabled by default in imapd 2001.313 and imap-2001.315.
/*
* 0x3a0x29wuim.c - WU-IMAP 2000.287 (linux/i86) remote exploit
*
* dekadish
*
* 0x3a0x29 crew
*
*/
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-021.0.txt
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000487
http://marc.info/?l=bugtraq&m=102107222100529&w=2
http://online.securityfocus.com/advisories/4167
http://www.iss.net/security_center/static/9055.php
http://www.kb.cert.org/vuls/id/961489
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-034.php
http://www.linuxsecurity.com/advisories/other_advisory-2120.html
http://www.redhat.com/support/errata/RHSA-2002-092.html
http://www.securityfocus.com/bid/4713
http://www.washington.edu/imap/buffer.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10803