Lucene search
K

89 matches found

securityvulns
securityvulns
added 2007/10/18 12:0 a.m.45 views

[ GLSA 200710-17 ] Balsa: Buffer overflow

Gentoo Linux Security Advisory GLSA 200710-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

6.8CVSS7.1AI score0.03893EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.8 views

openSUSE 10 Security Update : balsa (balsa-4434)

This update of balsa fixes a buffer overflow that occurs while reading data from an IMAP server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update balsa-4434. The text description of this plugin...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.23 views

GLSA-200710-17 : Balsa: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200710-17 Balsa: Buffer overflow Evil Ninja Squirrel discovered a stack-based buffer overflow in the irfetchseq function when receiving a long response to a FETCH command CVE-2007-5007. Impact : A remote attacker could entice a us...

6.8CVSS6.3AI score0.03893EPSS
Exploits1References2
Gentoo Linux
Gentoo Linux
added 2007/10/16 12:0 a.m.28 views

Balsa: Buffer overflow

Background Balsa is a highly configurable email client for GNOME. Description Evil Ninja Squirrel discovered a stack-based buffer overflow in the irfetchseq function when receiving a long response to a FETCH command CVE-2007-5007. Impact A remote attacker could entice a user to connect to a...

6.8CVSS7.5AI score0.03893EPSS
Exploits1
Cvelist
Cvelist
added 2007/09/20 8:0 p.m.30 views

CVE-2007-5007

Stack-based buffer overflow in the irfetchseq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command...

7.8AI score0.03893EPSS
Exploits1References12
CVE
CVE
added 2007/09/20 8:0 p.m.58 views

CVE-2007-5007

CVE-2007-5007 concerns a stack-based buffer overflow in the ir_fetch_seq function of Balsa (GNOME mail client) prior to version 2.3.20. A long IMAP FETCH response could allow a remote attacker to execute arbitrary code on the affected host. Gentoo GLSA 200710-17 (and related advisories) specify t...

6.8CVSS7.7AI score0.03893EPSS
Exploits1References12Affected Software1
Fedora
Fedora
added 2007/08/06 5:58 p.m.34 views

[SECURITY] Fedora 7 Update: balsa-2.3.17-2.fc7

Balsa is a GNOME email client which supports mbox, maildir, and mh local mailboxes, and IMAP4 and POP3 remote mailboxes. Email can be sent via sendmail or SMTP. Optional multithreading support allows for non-intrusive retrieval and sending of mail. A finished GUI similar to that of the Eudora ema...

2.6CVSS1.3AI score0.02423EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2007/06/07 8:7 a.m.7 views

fetchmail/mutt/evolution/...: APOP password disclosure vulnerability

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle MITM attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including 1 Thunderbird 1.x before 1.5.0.12 and...

2.6CVSS5.9AI score0.02423EPSS
Exploits1References4
Prion
Prion
added 2007/04/16 10:19 p.m.19 views

Code injection

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle MITM attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including 1 Thunderbird 1.x before 1.5.0.12 and...

2.6CVSS6.6AI score0.02423EPSS
Exploits1References73
UbuntuCve
UbuntuCve
added 2007/04/16 10:19 p.m.29 views

CVE-2007-1558

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle MITM attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including 1 Thunderbird 1.x before 1.5.0.12 and...

2.6CVSS6AI score0.02423EPSS
Exploits1References4
CVE
CVE
added 2007/04/16 10:0 p.m.107 views

CVE-2007-1558

CVE-2007-1558 describes a cryptographic weakness in APOP authentication that lowers MITM attack cost to recover passwords. Connected advisories show this affects multiple mail clients (e.g., Thunderbird/Icedove, Iceape, fetchmail) and related POP/ALOP implementations. Debian DSA-1305-1 and CentOS...

2.6CVSS7.7AI score0.02423EPSS
Exploits1References73Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.25 views

Debian DSA-300-1 : balsa - buffer overflow

Byrial Jensen discovered a couple of off-by-one buffer overflow in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This code is imported in the Balsa package. This problem could potentially allow a remote malicious IMAP server to cause a denial of...

7.5CVSS6.2AI score0.02543EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.25 views

RHEL 2.1 : balsa (RHSA-2003:111)

Updated Balsa packages are available which fix potential vulnerabilities in the IMAP handling code and in libesmtp. Balsa is a GNOME email client which includes code from Mutt. A potential buffer overflow exists in Balsa versions 1.2 and higher when parsing mailbox names returned by an IMAP serve...

7.5CVSS6.3AI score0.04494EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2003/05/22 4:41 p.m.36 views

Important: Red Hat Security Advisory: balsa security update

Updated Balsa packages are available which fix potential vulnerabilities in the IMAP handling code and in libesmtp. Balsa is a GNOME email client which includes code from Mutt. A potential buffer overflow exists in Balsa versions 1.2 and higher when parsing mailbox names returned by an IMAP serve...

7.5CVSS6.3AI score0.04494EPSS
Exploits0References2
CVE
CVE
added 2003/05/15 4:0 a.m.50 views

CVE-2003-0299

The CVE-2003-0299 issue affects the IMAP client code used by mutt 1.4.1 and Balsa 2.0.10. A remote malicious IMAP server can trigger denial of service and possibly arbitrary code execution by sending mailbox size values that cause signedness or integer overflow errors in the IMAP handling path. P...

7.5CVSS8AI score0.02105EPSS
Exploits0References1Affected Software2
Debian
Debian
added 2003/05/06 8:40 a.m.23 views

[SECURITY] [DSA 300-1] New Balsa packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 300-1 [email protected] http://www.debian.org/security/ Martin Schulze May 6th, 2003 http://www.debian.org/security/faq -...

7.5CVSS7.4AI score0.02543EPSS
Exploits0
Debian
Debian
added 2003/05/06 8:40 a.m.24 views

[SECURITY] [DSA 300-1] New Balsa packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 300-1 [email protected] http://www.debian.org/security/ Martin Schulze May 6th, 2003 http://www.debian.org/security/faq -...

7.5CVSS0.5AI score0.02543EPSS
Exploits0
OSV
OSV
added 2003/05/06 12:0 a.m.16 views

DSA-300 balsa - buffer overflow

Bulletin has no description...

7.5CVSS6.1AI score0.02543EPSS
Exploits0
securityvulns
securityvulns
added 2003/04/23 12:0 a.m.35 views

[CLA-2003:630] Conectiva Security Announcement - balsa

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : balsa SUMMARY : Buffer overflow in IMAP code and ...

7.5CVSS1AI score0.04494EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2003/04/03 8:21 p.m.6 views

Important: Red Hat Security Advisory: : Updated balsa and mutt packages fix vulnerabilities

New Balsa, Mutt, and libesmtp packages that fix potential buffer overflow vulnerabilities are now available. Mutt is a text-mode email client. Balsa is a GNOME email client which includes code from Mutt. A potential buffer overflow in Mutt version 1.4 exists when parsing mailbox names returned by...

7.5CVSS6.3AI score0.04494EPSS
Exploits0References2
Rows per page
Query Builder