ipop2d is part of the University of Washington imap package. Versions through 4.7c of the imap package are affected. Any user who has a pop account on the machine can view any world or group readable file on the file system. While on a shell account this is not a vulnerability, on a machine where a user only has POP access, this could result in the disclosure of information that might be useful in gaining information about other users on the system. This could in turn potentially be used to gain further access to the machine.
It is possible for a user to initiate a denial of service against Alibaba Web Server. Sending an unusually long GET request (> 8000 bytes) to the server will cause the service to stop responding. A restart of the server service is required in order to gain normal functionality.
All versions of Microsoft Outlook and Outlook Express are vulnerable to buffer overflow attacks where a remote user is capable of executing arbitrary code on an email recipient's system. The problem lies in how Outlook and Outlook Express handles the parsing of the GMT section of the date field in the header of an email when downloading via POP3 or IMAP4. This process is handled by INETCOMM.DLL. Improper bounds checking exists on the token represented by GMT. Therefore, if a malicious user was to send a specially crafted email message containing an unusually long value in the GMT specification, the buffer would be overflowed making arbitrary code execution possible. Sending random data could cause the application to crash.
A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux distributions. Because of a format-string vulnerability when calling the 'syslog()' function, a remote attacker can execute code as root. The logging code in 'rpc.statd' uses the 'syslog()' function, passing it as the format string user-supplied data. A malicious user can construct a format string that injects executable code into the process address space and overwrites a function's return address, thus forcing the program to execute the code.
A vulnerability exists in the 'rpc.statd' program, which is part of the 'nfs-utils' package that is shipped with a number of popular Linux distributions. Because of a format-string vulnerability when calling the 'syslog()' function, a remote attacker can execute code as root. The logging code in 'rpc.statd' uses the 'syslog()' function, passing it as the format string user-supplied data. A malicious user can construct a format string that injects executable code into the process address space and overwrites a function's return address, thus forcing the program to execute the code.
Infopulse GateKeeper proxy server will crash if a string containing over 4096 characters is entered through port 2000. Arbitrary code execution is possible. Restarting the server is required in order to regain normal functionality.
When Novell Netware is configured with IPX-Compatibility enabled, it is vulnerable to a denial of service attack by sending packets with random data to port 40193. Similar results are possible by sending fragmented packets. This has been observed on Novell Netware 5.0 service pack 5, other versions may be vulnerable. This behaviour has also been reported on Novell Netware 6.0 service pack 1.
The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter.
WorldClient 2.1 is vulnerable to a directory traversal attack, which allows a remote user to retrieve and download any file of known location. This is done by requesting a URL composed of the filename and .., which allows the user to traverse the directory structure.
It is possible for a user to cause a denial of service against the WFtpd server. Requesting an RNTO command without using the RNFR command first will cause the server service to stop responding. A restart of the service is required to gain normal functionality.
Services By CQR