SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#702777

UW-imapd fails to properly authenticate users when using CRAM-MD5

Overview

A vulnerablility in an authentication method for the University of Washington IMAP server could allow a remote attacker to access any user's mailbox.

I. Description

The Internet Message Access Protocol (IMAP) is a method of accessing electronic messages kept on a remote mail server and is specified in RFC3501. The University of Washington IMAP server features multiple user authentication methods, including the Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) as defined by RFC2195. A logic error in the code that handles CRAM-MD5 incorrectly specifies the conditions of successful authentication. This error results in a vulnerability that could allow a remote attacker to successfully authenticate as any user on the target system. This vulnerability only affects sites that have explicitly enabled CRAM-MD5 style authentication; it is not enabled in the default configuration of the UW-IMAP server.

II. Impact

A remote attacker could authenticate as any user on the target system and thereby read and delete email in the authorized user's account.

III. Solution

Upgrade or apply a patch

Fixed versions of the software have been released to address this issue. Please see the Systems Affected section of this document for more details.

Systems Affected

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Not Vulnerable18-Jan-2005
ConectivaUnknown18-Jan-2005
Cray Inc.Unknown18-Jan-2005
DebianUnknown18-Jan-2005
EMC CorporationUnknown18-Jan-2005
EngardeUnknown18-Jan-2005
F5 NetworksUnknown18-Jan-2005
FreeBSDUnknown18-Jan-2005
FujitsuNot Vulnerable8-Feb-2005
GentooVulnerable8-Feb-2005
Hewlett-Packard CompanyUnknown18-Jan-2005
HitachiNot Vulnerable18-Jan-2005
IBMUnknown18-Jan-2005
IBM-zSeriesUnknown18-Jan-2005
IBM eServerUnknown1-Feb-2005
ImmunixUnknown18-Jan-2005
Ingrian NetworksUnknown18-Jan-2005
Juniper NetworksUnknown18-Jan-2005
MandrakeSoftVulnerable8-Feb-2005
Microsoft CorporationNot Vulnerable20-Jan-2005
MontaVista SoftwareUnknown18-Jan-2005
NEC CorporationNot Vulnerable17-Mar-2005
NetBSDUnknown18-Jan-2005
NokiaUnknown18-Jan-2005
NovellUnknown18-Jan-2005
OpenBSDUnknown18-Jan-2005
Openwall GNU/*/LinuxUnknown18-Jan-2005
Red Hat Inc.Vulnerable25-Feb-2005
SCO-LINUXUnknown18-Jan-2005
SCO-UNIXUnknown18-Jan-2005
SequentUnknown18-Jan-2005
SGIVulnerable17-Mar-2005
Sony CorporationUnknown18-Jan-2005
Sun Microsystems Inc.Not Vulnerable24-Jan-2005
SuSE Inc.Unknown18-Jan-2005
TurboLinuxVulnerable28-Apr-2005
UnisysUnknown18-Jan-2005
University of WashingtonVulnerable24-Jan-2005
Wind River Systems Inc.Unknown18-Jan-2005

References


Credit

Thanks to Mark Crispin and Hugh Sheets of the University of Washington for reporting this vulnerability.

This document was written by Chad R Dougherty.

Other Information

Date Public:2005-01-04
Date First Published:2005-01-27
Date Last Updated:2005-04-28
CERT Advisory: 
CVE-ID(s):CAN-2005-0198
NVD-ID(s):CAN-2005-0198
US-CERT Technical Alerts: 
Metric:6.08
Document Revision:20

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2005 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader