QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-5005

Back to search

CVE-2008-5005

Published: Nov 10, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

VendorProductVersions

n/a

n/a

affected
n/a

References

oval:org.mitre.oval:def:10485
vdb-entry
signature
x_refsource_OVAL
http://panda.com/imap/
x_refsource_CONFIRM
FEDORA-2008-9396
vendor-advisory
x_refsource_FEDORA
4570
third-party-advisory
x_refsource_SREASON
DSA-1685
vendor-advisory
x_refsource_DEBIAN
32483
third-party-advisory
x_refsource_SECUNIA
32072
vdb-entry
x_refsource_BID
uwimapd-tmail-bo(46281)
vdb-entry
x_refsource_XF
33142
third-party-advisory
x_refsource_SECUNIA
FEDORA-2008-9383
vendor-advisory
x_refsource_FEDORA
RHSA-2009:0275
vendor-advisory
x_refsource_REDHAT
33996
third-party-advisory
x_refsource_SECUNIA
MDVSA-2009:146
vendor-advisory
x_refsource_MANDRIVA
32512
third-party-advisory
x_refsource_SECUNIA
ADV-2008-3042
vdb-entry
x_refsource_VUPEN
1021131
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now