[VIM] possibly false: CVE-2009-0671 (IMAP c-client format string)

Steven M. Christey coley at linus.mitre.org
Tue Feb 24 16:02:02 UTC 2009


Researcher: Faryad rahmany

It's been pointed out to me that CVE-2009-0671 is likely fake.  At the
very least, the exploit has serious problems:

1) It uses Unix-specific include files but calls the Windows-specific
   WSAStartup()

2) It contains clear syntax errors like he-h_addr

This was also reported in BID:33795 and
XF:imap-toolkit-cclient-format-string(48798).  No idea if they've done
additional research.

Currently I'm writing it up as questionable, but a more direct vendor
dispute might follow soon.

- Steve

======================================================
Name: CVE-2009-0671
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0671
Reference: MISC:http://packetstormsecurity.org/0902-exploits/uwimap-format.txt
Reference: BID:33795
Reference: URL:http://www.securityfocus.com/bid/33795
Reference: XF:imap-toolkit-cclient-format-string(48798)
Reference: URL:http://xforce.iss.net/xforce/xfdb/48798

Format string vulnerability in the University of Washington (UW)
c-client library, as used by the UW IMAP toolkit imap-2007d and other
applications, allows remote attackers to execute arbitrary code via
format string specifiers in the initial request to the IMAP port
(143/tcp).  NOTE: it is highly likely that this report is inaccurate,
since the associated exploit contains syntax errors and uses Unix-only
include files while invoking Windows functions.



