University of Washington IMAP 'tmail' and 'dmail' Local Buffer Overflow Vulnerabilities

University of Washington IMAP 'tmail' and 'dmail' are prone to local buffer-overflow vulnerabilities because they fail to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the vulnerable application, possibly with elevated privileges. Because 'tmail' is installed setuid root by default, exploitation may result in a complete compromise of the vulnerable computer.

The following applications are vulnerable:

University of Washington imap-2007c and earlier
University of Washington Alpine 2.00
Panda Programming imap
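
Because the impact depends on 'tmail' being installed setuid root, a useful first check is whether either binary is present on a host and how it is installed. The script below is an added example, not part of the original advisory or of the UW IMAP distribution; the default directory list and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): report tmail/dmail binaries and
# whether each carries the setuid bit, and whether its owner is root (uid 0).

# classify_binary PATH
# Prints: PATH <TAB> OWNER_UID <TAB> STATUS
# STATUS is setuid-root, setuid (non-root owner) or not-setuid.
classify_binary() {
    f=$1
    # Numeric owner is the third field of `ls -ldn` output.
    uid=$(ls -ldn "$f" | awk '{print $3}')
    if [ -u "$f" ] && [ "$uid" = "0" ]; then
        status=setuid-root
    elif [ -u "$f" ]; then
        status=setuid
    else
        status=not-setuid
    fi
    printf '%s\t%s\t%s\n' "$f" "$uid" "$status"
}

# audit_mail_agents [DIR...]
# Searches the given directories (the default list is an assumption about
# common install locations) for regular files named tmail or dmail.
audit_mail_agents() {
    if [ "$#" -eq 0 ]; then
        set -- /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec
    fi
    find "$@" -type f \( -name tmail -o -name dmail \) 2>/dev/null |
    while IFS= read -r path; do
        classify_binary "$path"
    done
}
```

Call `audit_mail_agents` with no arguments to scan the default directories, or pass the directories where the mail tools are installed. Any line reporting setuid-root for 'tmail' identifies a binary whose version should be compared against the affected list above.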


 

Copyright 2010, SecurityFocus