Published: 2001-09-20 00:00:00
Revised: 2008-09-05 16:24:42

[Original text] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.

[CNNVD] Imapd remote buffer overflow vulnerability (CNNVD-200109-061)

        CVE(CAN) ID: CAN-2001-0691
        Washington University Imapd is a popular server program that lets users, through the IMAP protocol, directly

- CVSS (base score)

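CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]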

- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  XF  imap-ipop2d-ipop3d-bo(6269)

- Vulnerability information

Imapd remote buffer overflow vulnerability
Medium severity  Boundary condition error
2001-09-20 00:00:00 2005-10-20 00:00:00

- Advisories and patches

        Linux-Mandrake has released a security advisory for this issue:
        MDKSA-2001:054 - imap update
        Patch downloads:
        Linux-Mandrake 7.1:
        6bf29864715e9a7fcfca87fcbba9774f 7.1/RPMS/imap-2000c-4.6mdk.i586.rpm
        a0868dc57cf7ce8a39baeba197d44132 7.1/RPMS/imap-devel-2000c-4.6mdk.i586.rpm
        e574413ee56c8a30bcc907e4a3042eac 7.1/SRPMS/imap-2000c-4.6mdk.src.rpm
        Linux-Mandrake 7.2:
        84255f2e48d8941a9ebfc9b96aa29485 7.2/RPMS/imap-2000c-4.5mdk.i586.rpm
        641bb3f1c7a89d21826074a24f1f480f 7.2/RPMS/imap-devel-2000c-4.5mdk.i586.rpm
        0e123cce424178305fb86e739c198734 7.2/SRPMS/imap-2000c-4.5mdk.src.rpm
        Mandrake Linux 8.0:
        6a452cc1dc11d0b4e463bad8ad72c76f 8.0/RPMS/imap-2000c-4.4mdk.i586.rpm
        b5e240934dce233b30b3b9b3dd378548 8.0/RPMS/imap-devel-2000c-4.4mdk.i586.rpm
        7e3c70c61268f0cc2ee129d17e363897 8.0/SRPMS/imap-2000c-4.4mdk.src.rpm
        Corporate Server 1.0.1:
        6bf29864715e9a7fcfca87fcbba9774f 1.0.1/RPMS/imap-2000c-4.6mdk.i586.rpm
        a0868dc57cf7ce8a39baeba197d44132 1.0.1/RPMS/imap-devel-2000c-4.6mdk.i586.rpm
        e574413ee56c8a30bcc907e4a3042eac 1.0.1/SRPMS/imap-2000c-4.6mdk.src.rpm


- Vulnerability information

UoW imapd Multiple Unspecified Overflows
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2001-03-12 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Imapd 'Local' Buffer Overflow Vulnerabilities
Boundary Condition Error 2856
Yes No
2001-06-11 12:00:00 2009-07-11 06:56:00
Published in a Mandrake Security Advisory on June 11, 2001.

- Affected program versions

University of Washington imapd 2000c
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
University of Washington imapd 2000b
University of Washington imapd 2000a

- Vulnerability discussion

Washington University Imapd is a popular server program that allows clients to download mail from servers via the IMAP protocol.

Imapd reportedly contains buffer overflow vulnerabilities which are exploitable by authenticated clients. These overflows may provide malicious clients with interactive access on the host.

MandrakeSoft has released upgraded packages which will eliminate the reported vulnerabilities.

More information is forthcoming.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- Solution

Mandrake is the only vendor to have acknowledged and released upgrades specifically for these security vulnerabilities. Pending complete analysis, updated version and fix information will be made available.

University of Washington imapd 2000c

- Related references