The University of Washington IMAP Server (imapd) contains several buffer overflow vulnerabilities that could allow an authenticated, remote attacker to execute arbitrary code with the privileges of the imapd service, typically SYSTEM or root.
These issues are due to improper handling of certain IMAP commands. The IMAP server fails to properly validate the length of these commands. The specific IMAP commands are COPY, FIND, LIST, LSUB and RENAME. An authenticated, remote attacker could exploit these issues by sending a crafted IMAP command to the affected server, triggering an overflow condition. This could allow the attacker to execute arbitrary code
with the privileges of the imapd service.