CVE-2008-5005

High

Description

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

References

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485

https://exchange.xforce.ibmcloud.com/vulnerabilities/46281

https://bugzilla.redhat.com/show_bug.cgi?id=469667

http://www.washington.edu/alpine/tmailbug.html

http://www.vupen.com/english/advisories/2008/3042

http://www.securityfocus.com/bid/32072

http://www.securityfocus.com/archive/1/498002/100/0/threaded

http://www.openwall.com/lists/oss-security/2008/11/03/5

http://www.openwall.com/lists/oss-security/2008/11/03/4

http://www.openwall.com/lists/oss-security/2008/11/03/3

http://www.mandriva.com/security/advisories?name=MDVSA-2009:146

http://www.debian.org/security/2008/dsa-1685

http://www.bitsec.com/en/rad/bsa-081103.txt

http://www.bitsec.com/en/rad/bsa-081103.c

http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm

http://securitytracker.com/id?1021131

http://securityreason.com/securityalert/4570

http://secunia.com/advisories/33996

http://secunia.com/advisories/33142

http://secunia.com/advisories/32512

http://secunia.com/advisories/32483

http://rhn.redhat.com/errata/RHSA-2009-0275.html

http://panda.com/imap/

http://marc.info/?l=full-disclosure&m=122572590212610&w=4

http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html

http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html

Details

Source: Mitre, NVD

Published: 2008-11-10

Updated: 2024-02-14

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High