A vulnerablility in an authentication method for the University of Washington IMAP server could allow a remote attacker to access any user's mailbox.
The Internet Message Access Protocol (IMAP) is a method of accessing electronic messages kept on a remote mail server and is specified in RFC3501. The University of Washington IMAP server features multiple user authentication methods, including the Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) as defined by RFC2195. A logic error in the code that handles CRAM-MD5 incorrectly specifies the conditions of successful authentication. This error results in a vulnerability that could allow a remote attacker to successfully authenticate as any user on the target system. This vulnerability only affects sites that have explicitly enabled CRAM-MD5 style authentication; it is not enabled in the default configuration of the UW-IMAP server.
A remote attacker could authenticate as any user on the target system and thereby read and delete email in the authorized user's account.
Upgrade or apply a patch
Fixed versions of the software have been released to address this issue. Please see the Systems Affected section of this document for more details.
Red Hat Inc. Affected
University of Washington Affected
Apple Computer Inc. Not Affected
Fujitsu Not Affected
Hitachi Not Affected
Microsoft Corporation Not Affected
NEC Corporation Not Affected
Sun Microsystems Inc. Not Affected
Cray Inc. Unknown
EMC Corporation Unknown
F5 Networks Unknown
Hewlett-Packard Company Unknown
IBM eServer Unknown
Ingrian Networks Unknown
Juniper Networks Unknown
MontaVista Software Unknown
Openwall GNU/*/Linux Unknown
Sony Corporation Unknown
SuSE Inc. Unknown
Wind River Systems Inc. Unknown
Thanks to Mark Crispin and Hugh Sheets of the University of Washington for reporting this vulnerability.
This document was written by Chad R Dougherty.
|Date First Published:||2005-01-27|
|Date Last Updated:||2005-04-28 14:09 UTC|