Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5740

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-5740
Last Modified 07 Mar 2011 10:01:13
Published 31 Oct 2007 12:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5740

Summary

The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.

Vulnerable Systems

Application

  • Vergenet Perdition Mail Retrieval Proxy 1.17


References

FULLDISC - 20071031 SEC Consult SA-20071031-0 :: Perdition IMAP Proxy Format String Vulnerability

XF - perdition-imap-strvwrite-format-string(38184)

VUPEN - ADV-2007-3677

CONFIRM - http://www.vergenet.net/linux/perdition/ChangeLog.shtml

SECTRACK - 1018883

BID - 26270

BUGTRAQ - 20071031 SEC Consult SA-20071031-0 :: Perdition IMAP Proxy Format StringVulnerability

MISC - http://www.sec-consult.com/300.html

DEBIAN - DSA-1398

SECUNIA - 27520

SECUNIA - 27458


Last Updated: 27 May 2016 10:46:16