Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2008-5005
Last Modified: 07 Mar 2011 10:13:37
Published: 10 Nov 2008 09:12:56
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-5005

Summary

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

Vulnerable Systems

Application

  • University Of Washington Alpine 0.80

  • University Of Washington Alpine 0.81

  • University Of Washington Alpine 0.82

  • University Of Washington Alpine 0.83

  • University Of Washington Alpine 0.98

  • University Of Washington Alpine 0.99

  • University Of Washington Alpine 0.999

  • University Of Washington Alpine 0.9999

  • University Of Washington Alpine 0.99999

  • University Of Washington Alpine 0.999999

  • University Of Washington Alpine 1.00

  • University Of Washington Alpine 1.10

  • University Of Washington Alpine 2.00

  • University Of Washington Imap Toolkit 2002

  • University Of Washington Imap Toolkit 2003

  • University Of Washington Imap Toolkit 2004

  • University Of Washington Imap Toolkit 2005

  • University Of Washington Imap Toolkit 2006

  • University Of Washington Imap Toolkit 2007

  • University Of Washington Imap Toolkit 2007c


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=469667

MLIST - [imap-uw] 20081031 Security bug in tmail and dmail

FEDORA - FEDORA-2008-9396

FEDORA - FEDORA-2008-9383

XF - uwimapd-tmail-bo(46281)

MISC - http://www.washington.edu/alpine/tmailbug.html

VUPEN - ADV-2008-3042

BID - 32072

BUGTRAQ - 20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow

MLIST - [oss-security] 20081103 Re: CVE request - uw-imap

MLIST - [oss-security] 20081103 CVE request - uw-imap

MANDRIVA - MDVSA-2009:146

DEBIAN - DSA-1685

MISC - http://www.bitsec.com/en/rad/bsa-081103.txt

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm

SECTRACK - 1021131

SREASON - 4570

SECUNIA - 33996

SECUNIA - 33142

SECUNIA - 32512

SECUNIA - 32483

REDHAT - RHSA-2009:0275

CONFIRM - http://panda.com/imap/


Last Updated: 27 May 2016 10:48:40