These vulnerabilities are being published as per the ZDI disclosure changes announced in August of 2010.
ZDI-CAN-407
Title:
SCO Openserver IMAP Daemon Long Verb Parsing Remote Code Execution Vulnerability
Advisory:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the SCO OpenServer IMAP daemon. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the imapd process responsible for handling remote IMAP requests. The process does not properly validate IMAP commands and arguments. Supplying an overly long command followed by an invalid argument can cause an exploitable overflow to occur. This vulnerability can be leveraged to execute arbitrary code.
Mitigation:
This vulnerability can be mitigated using network traffic filtering device such as an IDS/IPS that will block IMAP traffic containing any overly long commands or arguments.
