imap-uw IMAP Package POP Predictable Lock File DoS

2000-04-19T19:54:04
ID OSVDB:6010
Type osvdb
Reporter Alex Mottram(alex@net-connect.net)
Modified 2000-04-19T19:54:04

Description

Vulnerability Description

imap-uw contains a flaw that may allow a local denial of service. The problem is that the popd daemon creates lock files with predictable names, which could allow a malicious user to lock mailboxes of other users.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

imap-uw contains a flaw that may allow a local denial of service. The problem is that the popd daemon creates lock files with predictable names, which could allow a malicious user to lock mailboxes of other users.

References:

Vendor URL: http://www.washington.edu/imap/ Vendor Specific Advisory URL Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-04/0151.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-04/0128.html ISS X-Force ID: 4335 CVE-2000-1197 Bugtraq ID: 1132