Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2878

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2878
Last Modified 05 Sep 2008 04:52:54
Published 13 Sep 2005 07:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2878

Summary

Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.

Vulnerable Systems

Application

  • Gnu Mailutils 0.6


References

IDEFENSE - 20050909 GNU Mailutils 0.6 imap4d 'search' Format String Vulnerability

CONFIRM - http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407

BID - 14794

MISC - http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c

GENTOO - GLSA-200509-10

DEBIAN - DSA-841

SECUNIA - 17020

SECUNIA - 16783

BUGTRAQ - 20050926 FreeBSD GNU Mailutils 0.6 imap4d exploit


Last Updated: 27 May 2016 10:40:40