Eudora WorldMail IMAPd UID Command Buffer Overflow Vulnerability

2014-03-06T00:00:00
ID SAINT:974F36D2F167C80A1D0C40E25BE054BF
Type saint
Reporter SAINT Corporation
Modified 2014-03-06T00:00:00

Description

Added: 03/06/2014
BID: 65650
OSVDB: 104071

Background

Eudora WorldMail is an e-mail server for Windows.

Problem

Eudora WorldMail version 9.0.333.0 (and probably earlier) IMAPd service is vulnerable to buffer overflow as a result of improper validation of user-supplied input when handling UID commands.

Resolution

Contact the vendor to determine if an update is planned. The Eudora WorldMail page indicates that Qualcomm no longer sells Worldmail, but technical support is still available.

References

<http://www.osvdb.org/show/osvdb/104071>

Limitations

Expoit works on Eudora Qualcomm WorldMail 9.0.333.0 IMAPd Service running on Windows Server 2003 SP1.

Platforms

Windows