Lucene search

[email protected]CVE-2005-2933

HistoryOct 13, 2005 - 10:02 p.m.

CVE-2005-2933

2005-10-1322:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

125

cve-2005-2933

buffer overflow

mail.c

uw-imap

remote code execution

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.381 Low

EPSS

Percentile

97.2%

JSON

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington’s IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.

CPENameOperatorVersion
university_of_washington:uw-imapuniversity of washington uw-imaple2004f
university_of_washington:uw-imapuniversity of washington uw-imapeq2004e
university_of_washington:uw-imapuniversity of washington uw-imapeq2004a
university_of_washington:uw-imapuniversity of washington uw-imapeq2004d
university_of_washington:uw-imapuniversity of washington uw-imapeq2004c
university_of_washington:uw-imapuniversity of washington uw-imapeq2004
university_of_washington:uw-imapuniversity of washington uw-imapeq2004b

CPE	Name	Operator	Version
university_of_washington:uw-imap	university of washington uw-imap	le	2004f
university_of_washington:uw-imap	university of washington uw-imap	eq	2004e
university_of_washington:uw-imap	university of washington uw-imap	eq	2004a
university_of_washington:uw-imap	university of washington uw-imap	eq	2004d
university_of_washington:uw-imap	university of washington uw-imap	eq	2004c
university_of_washington:uw-imap	university of washington uw-imap	eq	2004
university_of_washington:uw-imap	university of washington uw-imap	eq	2004b

References

ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U

ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc

archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html

rhn.redhat.com/errata/RHSA-2006-0276.html

rhn.redhat.com/errata/RHSA-2006-0549.html

secunia.com/advisories/17062/

secunia.com/advisories/17148

secunia.com/advisories/17152

secunia.com/advisories/17215

secunia.com/advisories/17276

secunia.com/advisories/17336

secunia.com/advisories/17483

secunia.com/advisories/17928

secunia.com/advisories/17930

secunia.com/advisories/17950

secunia.com/advisories/18554

secunia.com/advisories/19832

secunia.com/advisories/20210

secunia.com/advisories/20222

secunia.com/advisories/20951

secunia.com/advisories/21252

secunia.com/advisories/21564

securityreason.com/securityalert/47

securitytracker.com/id?1015000

slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.500161

support.avaya.com/elmodocs2/security/ASA-2006-129.htm

support.avaya.com/elmodocs2/security/ASA-2006-160.htm

www.debian.org/security/2005/dsa-861

www.gentoo.org/security/en/glsa/glsa-200510-10.xml

www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=true

www.kb.cert.org/vuls/id/933601

www.mandriva.com/security/advisories?name=MDKSA-2005:189

www.mandriva.com/security/advisories?name=MDKSA-2005:194

www.novell.com/linux/security/advisories/2005_23_sr.html

www.redhat.com/support/errata/RHSA-2005-848.html

www.redhat.com/support/errata/RHSA-2005-850.html

www.redhat.com/support/errata/RHSA-2006-0501.html

www.securityfocus.com/archive/1/430296/100/0/threaded

www.securityfocus.com/archive/1/430303/100/0/threaded

www.securityfocus.com/bid/15009

www.vupen.com/english/advisories/2006/2685

www.washington.edu/imap/

exchange.xforce.ibmcloud.com/vulnerabilities/22518

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9858

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.381 Low

EPSS

Percentile

97.2%

JSON

Related for CVE-2005-2933

redhat4 nessus14 gentoo1 ubuntucve1 debiancve1 freebsd1 securityvulns2 openvas3 centos5 debian2 cert1