Lucene search

[email protected]CVE-1999-1224

HistoryOct 08, 1997 - 4:00 a.m.

CVE-1999-1224

1997-10-0804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

imap 4.1 beta

sigabrt signal

server crash

password exposure

cve-1999-1224

nvd.

7.2 High

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.0004 Low

EPSS

Percentile

15.3%

JSON

IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.

CPENameOperatorVersion
university_of_washington:imapduniversity of washington imapdeq*
university_of_washington:imapduniversity of washington imapdeq4.1

CPE	Name	Operator	Version
university_of_washington:imapd	university of washington imapd	eq	*
university_of_washington:imapd	university of washington imapd	eq	4.1

References

marc.info/?l=bugtraq&m=87635124302928&w=2

exchange.xforce.ibmcloud.com/vulnerabilities/349

7.2 High

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.0004 Low

EPSS

Percentile

15.3%

JSON

Related for CVE-1999-1224

cvelist1