7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.345 Low
EPSS
Percentile
97.1%
The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
CPE | Name | Operator | Version |
---|---|---|---|
vergenet:perdition_mail_retrieval_proxy | vergenet perdition mail retrieval proxy | le | 1.17 |
archives.neohapsis.com/archives/fulldisclosure/2007-10/0889.html
secunia.com/advisories/27458
secunia.com/advisories/27520
www.debian.org/security/2007/dsa-1398
www.sec-consult.com/300.html
www.securityfocus.com/archive/1/483034/100/0/threaded
www.securityfocus.com/bid/26270
www.securitytracker.com/id?1018883
www.vergenet.net/linux/perdition/ChangeLog.shtml
www.vupen.com/english/advisories/2007/3677
exchange.xforce.ibmcloud.com/vulnerabilities/38184