ID CVE-2008-5006
Summary smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.
References
Vulnerable Configurations
  • cpe:2.3:a:university_of_washington:imap_toolkit:2007b:*:*:*:*:*:*:*
    cpe:2.3:a:university_of_washington:imap_toolkit:2007b:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-08-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 32280
debian DSA-1685
mandriva MDVSA-2009:146
mlist [oss-security] 20081103 Re: CVE request - uw-imap
secunia 33142
xf imap-toolkit-smtp-dos(46604)
statements via4
contributor Tomas Hoger
lastmodified 2009-01-30
organization Red Hat
statement The affected code is not used by any application shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5. The impact of this flaw is limited to a crash of the applications connecting to a misbehaving SMTP server. Due to those reasons, theres currently no plan to include the fix in the imap packages as shipped in Red Hat Enterprise Linux 2.1 and 3, and the libc-client packages as shipped in Red Hat Enterprise Linux 4 and 5.
Last major update 08-08-2017 - 01:33
Published 10-11-2008 - 14:12
Back to Top