CVE Reference: CVE-2008-5005
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2008-5005

Description:
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/46281

ST
  1021131

SREASON
  http://securityreason.com/securityalert/4570

SAID
  Secunia Advisory: SA33996
  Secunia Advisory: SA32483
  Secunia Advisory: SA32512
  Secunia Advisory: SA33142

REDHAT
  http://rhn.redhat.com/errata/RHSA-2009-0275.html

MLIST
  http://www.openwall.com/lists/oss-security/2008/11/03/5
  http://www.openwall.com/lists/oss-security/2008/11/03/4
  http://www.openwall.com/lists/oss-security/2008/11/03/3
  http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html
  http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html

MISC
  http://www.bitsec.com/en/rad/bsa-081103.c
  http://www.bitsec.com/en/rad/bsa-081103.txt
  http://www.washington.edu/alpine/tmailbug.html

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2009:146

FULLDISC
  http://marc.info/?l=full-disclosure&m=122572590212610&w=4

FEDORA

DEBIAN
  http://www.debian.org/security/2008/dsa-1685

CONFIRM
  http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm
  http://panda.com/imap/

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/498002/100/0/threaded

BID
  32072

