(0Day) SCO Openserver IMAP Daemon Long Verb Parsing Remote Code Execution Vulnerability

February 7th, 2011

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the SCO OpenServer IMAP daemon. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the imapd process responsible for handling remote IMAP requests. The process does not properly validate IMAP commands and arguments. Supplying an overly long command followed by an invalid argument can cause an exploitable overflow to occur. This vulnerability can be leveraged to execute arbitrary code.

Additional Details

Disclosure Timeline

  • 2008-11-10 - Vulnerability reported to vendor
  • 2011-02-07 - Coordinated public release of advisory

Credit

Anonymous

Back to Advisories