CVE-2008-5005: Buffer Overflow
First published: Fri Oct 31 2008(Updated: )
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| University of Washington Alpine | =0.82 | |
| University of Washington Alpine | =0.999999 | |
| University of Washington Alpine | =0.98 | |
| University of Washington Alpine | =1.00 | |
| University of Washington Alpine | =1.10 | |
| University of Washington Alpine | =0.99 | |
| University of Washington Alpine | =0.81 | |
| University of Washington IMAP Toolkit | =2003 | |
| University of Washington IMAP Toolkit | =2005 | |
| University of Washington IMAP Toolkit | =2002 | |
| University of Washington Alpine | =2.00 | |
| University of Washington IMAP Toolkit | =2007c | |
| University of Washington Alpine | =0.80 | |
| University of Washington Alpine | =0.99999 | |
| University of Washington Alpine | =0.999 | |
| University of Washington Alpine | =0.9999 | |
| University of Washington IMAP Toolkit | =2006 | |
| University of Washington IMAP Toolkit | =2004 | |
| University of Washington IMAP Toolkit | =2007 | |
| University of Washington Alpine | =0.83 | |
| =0.80 | ||
| =0.81 | ||
| =0.82 | ||
| =0.83 | ||
| =0.98 | ||
| =0.99 | ||
| =0.999 | ||
| =0.9999 | ||
| =0.99999 | ||
| =0.999999 | ||
| =1.00 | ||
| =1.10 | ||
| =2.00 | ||
| =2002 | ||
| =2003 | ||
| =2004 | ||
| =2005 | ||
| =2006 | ||
| =2007 | ||
| =2007c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2008/11/03/5
- https://bugzilla.redhat.com/show_bug.cgi?id=469667
- http://securitytracker.com/id?1021131
- http://www.openwall.com/lists/oss-security/2008/11/03/3
- http://panda.com/imap/
- http://www.openwall.com/lists/oss-security/2008/11/03/4
- http://www.bitsec.com/en/rad/bsa-081103.txt
- http://www.bitsec.com/en/rad/bsa-081103.c
- http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html
- http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html
- http://secunia.com/advisories/32483
- http://marc.info/?l=full-disclosure&m=122572590212610&w=4
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html
- http://secunia.com/advisories/32512
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html
- http://www.debian.org/security/2008/dsa-1685
- http://secunia.com/advisories/33142
- http://securityreason.com/securityalert/4570
- http://secunia.com/advisories/33996
- http://www.washington.edu/alpine/tmailbug.html
- http://rhn.redhat.com/errata/RHSA-2009-0275.html
- http://www.securityfocus.com/bid/32072
- http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
- http://www.vupen.com/english/advisories/2008/3042
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46281
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485
- http://www.securityfocus.com/archive/1/498002/100/0/threaded
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=322296&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=322296&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=322297&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=322297&action=edit
- http://tools.ietf.org/html/rfc5321#section-4.5.3.1.1
- https://access.redhat.com/security/cve/CVE-2008-5005
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=469667#c5
- https://www.cve.org/CVERecord?id=CVE-2008-5005 https://nvd.nist.gov/vuln/detail/CVE-2008-5005
- https://access.redhat.com/errata/RHSA-2009:0275
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5005.json
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-5005
- collector/redhat-cve
- agent/references
- agent/weakness
- agent/severity
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/university of washington
- canonical/university of washington alpine
- version/university of washington alpine/0.82
- version/university of washington alpine/0.999999
- version/university of washington alpine/0.98
- version/university of washington alpine/1.00
- version/university of washington alpine/1.10
- version/university of washington alpine/0.99
- version/university of washington alpine/0.81
- canonical/university of washington imap toolkit
- version/university of washington imap toolkit/2003
- version/university of washington imap toolkit/2005
- version/university of washington imap toolkit/2002
- version/university of washington alpine/2.00
- version/university of washington imap toolkit/2007c
- version/university of washington alpine/0.80
- version/university of washington alpine/0.99999
- version/university of washington alpine/0.999
- version/university of washington alpine/0.9999
- version/university of washington imap toolkit/2006
- version/university of washington imap toolkit/2004
- version/university of washington imap toolkit/2007
- version/university of washington alpine/0.83