Lucene search
Bernhard MuellerEDB-ID:30724HistoryOct 31, 2007 - 12:00 a.m.
Perdition 1.17 - IMAPD __STR_VWRITE Remote Format String
2007-10-3100:00:00
Bernhard Mueller
www.exploit-db.com
15
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/26270/info
Perdition IMAP proxy server is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
An attacker can exploit this issue to execute arbitrary machine code in the context of the affected application. A successful attack will compromise the application. Failed attempts may cause denial-of-service conditions.
This issue affects Perdition 1.17 and prior versions.
The following proof of concept is available:
perl -e 'print "abc%n\x00\n"' | nc perdition.example.com 143Related
freebsd
freebsd
perdition -- str_vwrite format string vulnerability
2007-10-31 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1398-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 1398-1 (perdition)
2008-01-17 00:00:00
FreeBSD Ports: perdition
2008-09-04 00:00:00
nessus
nessus
Debian DSA-1398-1 : perdition - format string error
2007-11-06 00:00:00
FreeBSD : perdition -- str_vwrite format string vulnerability (617a4021-8bf0-11dc-bffa-0016179b2dd5)
2007-11-06 00:00:00
Perdition IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
2007-11-01 00:00:00
cve
cve
CVE-2007-5740
2007-10-31 16:46:00
nvd
nvd
CVE-2007-5740
2007-10-31 16:46:00
prion
prion
Format string
2007-10-31 16:46:00
debian
debian
[SECURITY] [DSA 1398-1] New perdition packages fix arbitrary code execution
2007-11-05 13:03:47
[SECURITY] [DSA 1398-1] New perdition packages fix arbitrary code execution
2007-11-05 13:03:47
ubuntucve
ubuntucve
CVE-2007-5740
2007-10-31 00:00:00
cvelist
cvelist
CVE-2007-5740
2007-10-31 16:00:00
debiancve
debiancve
CVE-2007-5740
2007-10-31 16:46:00