Lucene search

[email protected]CVE-2005-1521

HistoryMay 26, 2005 - 4:00 a.m.

CVE-2005-1521

2005-05-2604:00:00

[email protected]

web.nvd.nist.gov

cve-2005-1521

integer overflow

fetch_io function

imap4d server

gnu mailutils

remote code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.059 Low

EPSS

Percentile

93.5%

JSON

Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.

Affected configurations

NVD

Node

gnumailutilsMatch0.5

gnumailutilsMatch0.6

CPENameOperatorVersion
gnu:mailutilsgnu mailutilseq0.5
gnu:mailutilsgnu mailutilseq0.6

CPE	Name	Operator	Version
gnu:mailutils	gnu mailutils	eq	0.5
gnu:mailutils	gnu mailutils	eq	0.6

References

secunia.com/advisories/15442

securitytracker.com/id?1014052

www.debian.org/security/2005/dsa-732

www.idefense.com/application/poi/display?id=248&type=vulnerabilities

www.securityfocus.com/bid/13763

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.059 Low

EPSS

Percentile

93.5%

JSON

Related for CVE-2005-1521

debiancve1 ubuntucve1 securityvulns1 cvelist1 nvd1 nessus3 openvas4 gentoo1 debian2 osv1