Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4907

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-4907
Last Modified 23 Jan 2009 01:43:06
Published 03 Nov 2008 07:58:40
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4907

Summary

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."

Vulnerable Systems

Application

  • Dovecot 1.1.4

  • Dovecot 1.1.5


References

BID - 31997

SECUNIA - 32479

XF - dovecot-mail-header-dos(46227)

UBUNTU - USN-666-1

MLIST - [Dovecot-news] 20081030 v1.1.6 released

GENTOO - GLSA-200812-16

SECUNIA - 33149

SECUNIA - 32677


Last Updated: 27 May 2016 10:48:39