Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD1F6E2ADE-35C2-11DA-811D-0050BF27BA24
HistoryOct 05, 2005 - 12:00 a.m.

imap-uw -- mailbox name handling remote buffer vulnerability

2005-10-0500:00:00
vuxml.freebsd.org
10

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.381 Low

EPSS

Percentile

97.2%

JSON

FrSIRT reports:

A vulnerability has been identified in UW-IMAP, which could
be exploited by remote attackers to execute arbitrary commands.
This flaw is due to a stack overflow error in the
“mail_valid_net_parse_work()” [src/c-client/mail.c] function that
does not properly handle specially crafted mailbox names containing
a quote (") character, which could be exploited by authenticated
remote attackers to execute arbitrary commands with the privileges
of the IMAP server.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchimap-uw< 2004gUNKNOWN

Related

nessus 14
ubuntucve 1
redhat 4
gentoo 1
cve 1
debiancve 1
securityvulns 2
openvas 6
centos 5
debian 2
cert 1
nessus
nessus
GLSA-200510-10 : uw-imap: Remote buffer overflow
2005-10-19 00:00:00
RHEL 2.1 / 3 : imap (RHSA-2005:850)
2005-12-07 00:00:00
UW-IMAP Mailbox Name Buffer Overflow
2005-10-06 00:00:00
ubuntucve
ubuntucve
CVE-2005-2933
2005-10-13 00:00:00
redhat
redhat
(RHSA-2005:850) imap security update
2005-12-06 00:00:00
(RHSA-2005:848) libc-client security update
2005-12-06 00:00:00
(RHSA-2006:0276) php security update
2006-04-25 00:00:00
gentoo
gentoo
uw-imap: Remote buffer overflow
2005-10-11 00:00:00
cve
cve
CVE-2005-2933
2005-10-13 22:02:00
debiancve
debiancve
CVE-2005-2933
2005-10-13 22:02:00
securityvulns
securityvulns
MDKSA-2005:194 - Updated php-imap packages fix buffer overflow vulnerabilities.
2005-10-27 00:00:00
[Full-disclosure] iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability
2005-10-05 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200510-10 (uw-imap)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-861-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 861-1 (uw-imap)
2008-01-17 00:00:00
centos
centos
imap security update
2005-12-07 00:43:29
imap security update
2005-12-06 16:20:14
libc security update
2005-12-06 17:48:48
debian
debian
[SECURITY] [DSA 861-1] New uw-imap packages fix arbitrary code execution
2005-10-11 06:26:12
[SECURITY] [DSA 861-1] New uw-imap packages fix arbitrary code execution
2005-10-11 06:26:12
cert
cert
UW-IMAP vulnerable to a buffer overflow
2005-10-17 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.381 Low

EPSS

Percentile

97.2%

JSON
Related for 1F6E2ADE-35C2-11DA-811D-0050BF27BA24
nessus14ubuntucve1redhat4gentoo1cve1debiancve1securityvulns2openvas6centos5debian2cert1