COMMAND

    imapd

SYSTEMS AFFECTED

    imapd

PROBLEM

    Michal Zalewski found the following:

        * OK xxx IMAP4 service (Netscape Messaging Server 4.15 Patch 2 (built xxx))
        test login valid_login valid_password
        test OK User logged in
        test list <about-512-bytes-of-junk> /
        Connection closed by foreign host.

        2107:         siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
        2107:       Received signal #11, SIGSEGV [default]

    It's a DoS, because the single-threaded server crashes. But no
    matter - it's trivially exploitable. Simple retaddr overwrite
    bug; the input buffer is not stripped, and there's no character
    validation of any kind. Local access with daemon privileges can
    be gained, allowing further privilege escalation.

    This applies both to bare Netscape Messaging Server IMAP4, and to
    Netscape Messaging Server protected by Netscape Messaging
    Multiplexor (which is used in redundant / cluster solutions
    shipped by Sun / Netscape).

SOLUTION

    Nothing yet.
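
    The length and character checks that the LIST argument handling
    described under PROBLEM lacks, as an added C sketch (not code from
    this advisory or from Netscape's server). The function names,
    status codes and 256-byte buffers are assumptions, and quoted
    strings and IMAP literals are not handled.

```c
#include <stdio.h>
#include <string.h>

enum { ARG_OK = 0, ARG_MISSING = -1, ARG_BAD_CHAR = -2, ARG_TOO_LONG = -3, ARG_NOT_LIST = -4 };

/* Copy one space-delimited argument from *cur into out (capacity outsz).
 * Oversized or non-printable input is rejected, never truncated. */
static int copy_arg(const char **cur, char *out, size_t outsz)
{
    const char *p = *cur;
    size_t n = 0;

    while (*p == ' ')
        p++;
    if (*p == '\0' || *p == '\r' || *p == '\n')
        return ARG_MISSING;
    for (; *p != '\0' && *p != ' ' && *p != '\r' && *p != '\n'; p++) {
        unsigned char c = (unsigned char)*p;
        if (c < 0x21 || c > 0x7e)   /* control bytes and 8-bit data */
            return ARG_BAD_CHAR;
        if (n + 1 >= outsz)         /* keep one byte for the terminator */
            return ARG_TOO_LONG;
        out[n++] = (char)c;
    }
    out[n] = '\0';
    *cur = p;
    return ARG_OK;
}

/* Parse "<tag> LIST <reference> <mailbox>" into caller-supplied buffers. */
int parse_list(const char *line, char *ref, size_t refsz, char *mbox, size_t mboxsz)
{
    char tag[32], cmd[8];   /* hypothetical limits for tag and command */
    int rc;

    if ((rc = copy_arg(&line, tag, sizeof tag)) != ARG_OK) return rc;
    if ((rc = copy_arg(&line, cmd, sizeof cmd)) != ARG_OK) return rc;
    if (strcmp(cmd, "list") != 0 && strcmp(cmd, "LIST") != 0) return ARG_NOT_LIST;
    if ((rc = copy_arg(&line, ref, refsz)) != ARG_OK) return rc;
    return copy_arg(&line, mbox, mboxsz);
}

int main(void)
{
    char line[600] = "test list ", ref[256], mbox[256];   /* constructed input */
    size_t off = strlen(line);

    memset(line + off, 'A', 512);       /* same shape as the request above */
    strcpy(line + off + 512, " /");
    printf("oversized reference -> %d\n", parse_list(line, ref, sizeof ref, mbox, sizeof mbox));
    printf("normal request      -> %d\n", parse_list("t2 list inbox/ %", ref, sizeof ref, mbox, sizeof mbox));
    return 0;
}
```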