Check Point Advisories

Security Best Practice: POP3/IMAP Security

Check Point Reference: SBP-2006-18
Date Published: 16 Jul 2006
Severity: High
Last Updated: Sunday 01 January, 2006
Source: SmartDefense Research Center
Protection Provided by:
Who is Vulnerable? POP3 and IMAP mail servers
Vulnerability Description

Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4 (IMAP4) are electronic mail protocols used to retrieve messages stored on e-mail servers.

There are several serious security limitations with these protocols that allow malicious attackers to compromise a remote server, gain full access rights or launch denial of service (DoS) attacks.

Vulnerability Details

POP3 and IMAP4 are both 'pull' protocols. To check for messages, a client (e.g. Outlook Express) connects to its mail server and, using one of the protocols (POP3 or IMAP4), logs in to its mailbox and 'pulls' out its messages. POP3 allows the remote client to view, download, list and delete messages, while IMAP4 is more advanced in that it permits manipulation of remote message folders (mailboxes) in a way that is functionally equivalent to local mailboxes. IMAP4 also includes operations for creating, deleting, and renaming mailboxes; checking for new messages; permanently removing messages and more.

There are different attack vectors against POP3 and IMAP4 mail servers. A malicious attacker can create a remote code execution or denial of service condition by doing one of the following:
* Use an overly long user name or password as input.
* Use binary characters in the user name or password as input.
* Use binary characters in different POP3 or IMAP4 commands.
* Send malformed, unknown commands to the server.
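
The four input classes above can be checked on each client command line before it reaches the mail server. The sketch below is an added example, not Check Point or SmartDefense code; the function name, finding labels, the IMAP argument limit and the line limit are assumptions, and IMAP quoted strings and literals are not parsed.

```python
# Added example: classify POP3/IMAP4 client command lines against the
# four input classes listed in this advisory. Sample lines are constructed.
POP3_CMDS = {"USER", "PASS", "APOP", "STAT", "LIST", "RETR", "DELE", "NOOP",
             "RSET", "TOP", "UIDL", "QUIT", "CAPA", "STLS", "AUTH"}
IMAP_CMDS = {"CAPABILITY", "NOOP", "LOGOUT", "STARTTLS", "AUTHENTICATE",
             "LOGIN", "SELECT", "EXAMINE", "CREATE", "DELETE", "RENAME",
             "SUBSCRIBE", "UNSUBSCRIBE", "LIST", "LSUB", "STATUS", "APPEND",
             "CHECK", "CLOSE", "EXPUNGE", "SEARCH", "FETCH", "STORE", "COPY",
             "UID"}
CREDENTIAL_CMDS = {"USER", "PASS", "APOP", "LOGIN"}
# pop3: RFC 1939 allows arguments of up to 40 characters.
# imap: assumed policy value, tune for the deployment.
MAX_ARG = {"pop3": 40, "imap": 256}
MAX_LINE = 1024  # assumed policy value for a whole command line


def inspect_line(proto, raw):
    """Return a list of findings for one client line (empty list = clean)."""
    findings = []
    line = raw.rstrip(b"\r\n")
    # Anything outside printable ASCII counts as a binary character.
    if any(b < 0x20 or b > 0x7E for b in line):
        findings.append("binary-characters")
    if len(line) > MAX_LINE:
        findings.append("overlong-line")
    parts = line.split(b" ")
    if proto == "imap":
        parts = parts[1:]  # IMAP commands are prefixed with a client tag
    verb = parts[0].decode("ascii", "replace").upper() if parts else ""
    known = POP3_CMDS if proto == "pop3" else IMAP_CMDS
    if verb not in known:
        findings.append("unknown-command")
    elif verb in CREDENTIAL_CMDS:
        args = parts[1:]
        if verb == "PASS":
            args = [b" ".join(args)]  # a POP3 password may contain spaces
        if any(len(a) > MAX_ARG[proto] for a in args):
            findings.append("overlong-credential")
    return findings


if __name__ == "__main__":
    samples = [("pop3", b"USER alice\r\n"),
               ("pop3", b"USER " + b"A" * 300 + b"\r\n"),
               ("imap", b"a001 FROBNICATE x\r\n")]
    for proto, raw in samples:
        print(proto, raw[:30], inspect_line(proto, raw))
```
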

Protection Overview
