Mail Notification IMAP Null Pointer Dereference DoS

2004-10-06T05:33:29
ID OSVDB:10566
Type osvdb
Reporter OSVDB
Modified 2004-10-06T05:33:29

Description

Vulnerability Description

Mail Notification contains a flaw that may allow a remote denial of service. The issue is triggered when an out of context continuation response sent by a malicious IMAP server causes a null pointer dereference to occur in the IMAP code strcmp() function, and results in loss of availability for the service. Note: To exploit this vulnerability the attacker must first hijack the connection between Mail Notification and the IMAP server.

Solution Description

Upgrade to version 0.7.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Do not monitor an IMAP mailbox. If you want to ensure that the faulty code will not be used, reinstall Mail Notification using the following commands: $ ./configure --disable-imap $ make $ make install

Short Description

Mail Notification contains a flaw that may allow a remote denial of service. The issue is triggered when an out of context continuation response sent by a malicious IMAP server causes a null pointer dereference to occur in the IMAP code strcmp() function, and results in loss of availability for the service. Note: To exploit this vulnerability the attacker must first hijack the connection between Mail Notification and the IMAP server.

References:

Vendor URL: http://www.nongnu.org/mailnotify/ Vendor Specific Advisory URL Related OSVDB ID: 10567 Other Advisory URL: http://freshmeat.net/projects/mail-notification/?branch_id=44120&release_id=174999 Bugtraq ID: 11349