Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2007-5007
Last Modified 07 Mar 2011 09:59:55
Published 12 Dec 2007 05:10:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5007

Summary

Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.

Vulnerable Systems

Application

  • Gnome Balsa 1.1.7

  • Gnome Balsa 1.2.4

  • Gnome Balsa 1.4

  • Gnome Balsa 1.4.3

  • Gnome Balsa 2.0.10

  • Gnome Balsa 2.0.16

  • Gnome Balsa 2.0.17

  • Gnome Balsa 2.0.18

  • Gnome Balsa 2.0.6

  • Gnome Balsa 2.1

  • Gnome Balsa 2.1.1

  • Gnome Balsa 2.1.2

  • Gnome Balsa 2.1.3

  • Gnome Balsa 2.1.90

  • Gnome Balsa 2.1.91

  • Gnome Balsa 2.2

  • Gnome Balsa 2.2.1

  • Gnome Balsa 2.2.2

  • Gnome Balsa 2.2.3

  • Gnome Balsa 2.2.4

  • Gnome Balsa 2.2.5

  • Gnome Balsa 2.2.6

  • Gnome Balsa 2.3

  • Gnome Balsa 2.3.1

  • Gnome Balsa 2.3.10

  • Gnome Balsa 2.3.11

  • Gnome Balsa 2.3.12

  • Gnome Balsa 2.3.13

  • Gnome Balsa 2.3.14

  • Gnome Balsa 2.3.15

  • Gnome Balsa 2.3.16

  • Gnome Balsa 2.3.17

  • Gnome Balsa 2.3.19

  • Gnome Balsa 2.3.2

  • Gnome Balsa 2.3.3

  • Gnome Balsa 2.3.4

  • Gnome Balsa 2.3.5

  • Gnome Balsa 2.3.6

  • Gnome Balsa 2.3.7

  • Gnome Balsa 2.3.8


References

BID - 25777

MLIST - [ANNOUNCE] 20070907 balsa-2.3.20 released

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=297581

VUPEN - ADV-2007-3263

SUSE - SUSE-SR:2007:019

GENTOO - GLSA-200710-17

SECUNIA - 27272

SECUNIA - 26987

SECUNIA - 26947

OSVDB - 40585

CONFIRM - http://bugzilla.gnome.org/show_bug.cgi?id=474366

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=193179


Last Updated: 27 May 2016 10:46:02