CVE-2005-2878 - Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote auth

CVE-2005-2878

Summary

Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.

References

Vulnerable Configurations

cpe:2.3:a:gnu:mailutils:0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailutils:0.6:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 03:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	14794
bugtraq	20050926 FreeBSD GNU Mailutils 0.6 imap4d exploit
confirm	http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407
debian	DSA-841
gentoo	GLSA-200509-10
idefense	20050909 GNU Mailutils 0.6 imap4d 'search' Format String Vulnerability
misc	http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c
secunia	16783 17020

Last major update

18-10-2016 - 03:31

Published

13-09-2005 - 23:03

Last modified

18-10-2016 - 03:31