Lucene search

[email protected]CVE-2007-5740

HistoryOct 31, 2007 - 4:46 p.m.

CVE-2007-5740

2007-10-3116:46:00

CWE-134

[email protected]

web.nvd.nist.gov

cve-2007-5740

imap

format string

code execution

perdition mail retrieval proxy

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.345 Low

EPSS

Percentile

97.1%

JSON

The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.

Affected configurations

NVD

Node

vergenetperdition_mail_retrieval_proxyRange≤1.17

CPENameOperatorVersion
vergenet:perdition_mail_retrieval_proxyvergenet perdition mail retrieval proxyle1.17

CPE	Name	Operator	Version
vergenet:perdition_mail_retrieval_proxy	vergenet perdition mail retrieval proxy	le	1.17

References

archives.neohapsis.com/archives/fulldisclosure/2007-10/0889.html

secunia.com/advisories/27458

secunia.com/advisories/27520

www.debian.org/security/2007/dsa-1398

www.sec-consult.com/300.html

www.securityfocus.com/archive/1/483034/100/0/threaded

www.securityfocus.com/bid/26270

www.securitytracker.com/id?1018883

www.vergenet.net/linux/perdition/ChangeLog.shtml

www.vupen.com/english/advisories/2007/3677

exchange.xforce.ibmcloud.com/vulnerabilities/38184

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.345 Low

EPSS

Percentile

97.1%

JSON

Related for CVE-2007-5740

freebsd1 nessus3 openvas4 nvd1 ubuntucve1 debian2 prion1 debiancve1 cvelist1