Qualcomm Eudora WorldMail Server versions 3.0 and prior contain two vulnerabilities that could allow a remote attacker to read other user's e-mail messages or execute arbitrary code.
The first vulnerability (CVE-2005-3189) exists due to insufficient validation of user-supplied input to the IMAP protocol while handing crafted commands with directory traversal characters. A remote, authenticated attacker could exploit this vulnerability to view or delete mail files of other users by supplying a crafted command containing directory traversal characters. An attacker could also move arbitrary folders on the server, resulting in a partial or complete denial of service (DoS) condition on the mail server.
The second vulnerability (CVE-2005-4267) also exists due to
insufficient input validation on several IMAP commands. A remote attacker could exploit this vulnerability by submitting a malicious IMAP command designed to cause a buffer overflow. This could allow the attacker to execute arbitrary code with SYSTEM privileges.
The third vulnerability (CVE-2006-0637) exists due to insufficient validation of parameters passed to the IMAP APPEND command. A remote attacker could exploit this vulnerability by submitting a malicious IMAP APPEND command designed to trigger a buffer overflow. This could allow the attacker to execute arbitrary code.
Exploit code is available for the second and
Patches are unavailable.