[VIM] possibly false: CVE-2009-0671 (IMAP c-client format string)

str0ke str0ke at milw0rm.com
Tue Feb 24 16:08:33 UTC 2009

Yep anything to do with Faryad Rahmany / c1pher is fake, mostly copy and
pasted information from multiple exploits.


Steven M. Christey wrote:
> Researcher: Faryad rahmany
> It's been pointed out to me that CVE-2009-0671 is likely fake.  At the
> very least, the exploit has serious problems:
> 1) It uses Unix-specific include files but calls the Windows-specific
>    WSAStartup()
> 2) It contains clear syntax errors like he-h_addr
> This was also reported in BID:33795 and
> XF:imap-toolkit-cclient-format-string(48798).  No idea if they've done
> additional research.
> Currently I'm writing it up as questionable, but a more direct vendor
> dispute might follow soon.
> - Steve
> ======================================================
> Name: CVE-2009-0671
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0671
> Reference: MISC:http://packetstormsecurity.org/0902-exploits/uwimap-format.txt
> Reference: BID:33795
> Reference: URL:http://www.securityfocus.com/bid/33795
> Reference: XF:imap-toolkit-cclient-format-string(48798)
> Reference: URL:http://xforce.iss.net/xforce/xfdb/48798
> Format string vulnerability in the University of Washington (UW)
> c-client library, as used by the UW IMAP toolkit imap-2007d and other
> applications, allows remote attackers to execute arbitrary code via
> format string specifiers in the initial request to the IMAP port
> (143/tcp).  NOTE: it is highly likely that this report is inaccurate,
> since the associated exploit contains syntax errors and uses Unix-only
> include files while invoking Windows functions.

More information about the VIM mailing list