Vigil@nce: UW IMAP, denial of service of rfc822_output_char
January 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a one-byte overflow in the c-client library
of UW IMAP.
Gravity: 2/4
Consequences: denial of service of client
Provenance: internet server
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 30/12/2008
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The c-client library of UW IMAP implements various messaging
clients.
The RFC822BUFFER structure defined in the rfc822.h file is used to
store data. This structure is used in NNTP and SMTP clients.
The rfc822_output_char() function of rfc822.c appends a byte to the
storage area. However, if the area is already full, the byte is
written past the end of the memory area.
A malicious NNTP or SMTP server can therefore trigger an overflow
to cause a denial of service, and possibly execute code.
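The flaw class described above, as an added example that is not taken from this bulletin or from the c-client source or its patch: a simplified flush-when-full buffer with an unchecked append beside a checked one. All names (outbuf, put_unchecked, put_checked, guard_after_put) are hypothetical, and the guard byte lives inside the program's own array so the stray write can be observed safely.

```c
#include <stdio.h>
#include <string.h>

#define CAP 8          /* logical size of the storage area */
#define CANARY 0x5A    /* guard byte placed just past the area */

/* Simplified model of a flush-when-full output buffer. All names are
   hypothetical; this is not the c-client RFC822BUFFER definition. */
typedef struct {
    char *beg, *cur, *end;  /* end points one past the last valid byte */
    size_t flushed;         /* bytes handed to the sink so far */
} outbuf;

static int outbuf_flush(outbuf *b) {
    b->flushed += (size_t)(b->cur - b->beg);
    b->cur = b->beg;
    return 1;
}

/* Flawed pattern: stores without checking whether the area is full. */
static int put_unchecked(outbuf *b, int c) {
    *b->cur++ = (char)c;
    return (b->cur == b->end) ? outbuf_flush(b) : 1;
}

/* Hardened pattern: make room first, then store. */
static int put_checked(outbuf *b, int c) {
    if (b->cur == b->end && !outbuf_flush(b)) return 0;
    *b->cur++ = (char)c;
    return 1;
}

/* Fill the area completely (as a bulk writer might), add one more byte,
   and return the guard byte. The guard sits inside the real array, so
   the stray write stays in memory this program owns. */
int guard_after_put(int use_checked) {
    char mem[CAP + 1];
    outbuf b = { mem, mem + CAP, mem + CAP, 0 };  /* cur == end: full */
    memset(mem, 'A', CAP);
    mem[CAP] = CANARY;
    if (use_checked) put_checked(&b, 'X'); else put_unchecked(&b, 'X');
    return (unsigned char)mem[CAP];
}

int main(void) {
    printf("unchecked: guard=0x%02X\n", guard_after_put(0));
    printf("checked:   guard=0x%02X\n", guard_after_put(1));
    return 0;
}
```

In the unchecked case the write pointer also moves past the end marker, so the equality test that triggers a flush no longer matches on later appends.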
CHARACTERISTICS
Identifiers: CVE-2008-5514, VIGILANCE-VUL-8362