CVE-2008-5005

10.11.2008, 14:12

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
university_of_washington	alpine	0.80
university_of_washington	alpine	0.81
university_of_washington	alpine	0.82
university_of_washington	alpine	0.83
university_of_washington	alpine	0.98
university_of_washington	alpine	0.99
university_of_washington	alpine	0.999
university_of_washington	alpine	0.9999
university_of_washington	alpine	0.99999
university_of_washington	alpine	0.999999
university_of_washington	alpine	1.00
university_of_washington	alpine	1.10
university_of_washington	alpine	2.00

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

alpine

bullseye	2.24+dfsg1-1 fixed
bookworm	2.26+dfsg-1 fixed
sid	2.26+dfsg-2 fixed
trixie	2.26+dfsg-2 fixed

uw-imap

sid	8:2007f~dfsg-7 fixed
trixie	8:2007f~dfsg-7 fixed
bookworm	8:2007f~dfsg-7 fixed
bullseye	8:2007f~dfsg-7 fixed

Ubuntu Releases

Ubuntu Product

Codename

alpine

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	not-affected
gutsy	ignored
dapper	dne

uw-imap

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	not-affected
intrepid	ignored
hardy	ignored
gutsy	ignored
dapper	ignored

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html

http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html

http://marc.info/?l=full-disclosure&m=122572590212610&w=4

http://panda.com/imap/

http://rhn.redhat.com/errata/RHSA-2009-0275.html

http://secunia.com/advisories/32483

http://secunia.com/advisories/32512

http://secunia.com/advisories/33142

http://secunia.com/advisories/33996

http://securityreason.com/securityalert/4570

http://securitytracker.com/id?1021131

http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm

http://www.bitsec.com/en/rad/bsa-081103.c

http://www.bitsec.com/en/rad/bsa-081103.txt

http://www.debian.org/security/2008/dsa-1685

http://www.mandriva.com/security/advisories?name=MDVSA-2009:146

http://www.openwall.com/lists/oss-security/2008/11/03/3

http://www.openwall.com/lists/oss-security/2008/11/03/4

http://www.openwall.com/lists/oss-security/2008/11/03/5

http://www.securityfocus.com/archive/1/498002/100/0/threaded

http://www.securityfocus.com/bid/32072

http://www.vupen.com/english/advisories/2008/3042

http://www.washington.edu/alpine/tmailbug.html

https://bugzilla.redhat.com/show_bug.cgi?id=469667

https://exchange.xforce.ibmcloud.com/vulnerabilities/46281

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html

http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html

http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html

http://marc.info/?l=full-disclosure&m=122572590212610&w=4

http://panda.com/imap/

http://rhn.redhat.com/errata/RHSA-2009-0275.html

http://secunia.com/advisories/32483

http://secunia.com/advisories/32512

http://secunia.com/advisories/33142

http://secunia.com/advisories/33996

http://securityreason.com/securityalert/4570

http://securitytracker.com/id?1021131

http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm

http://www.bitsec.com/en/rad/bsa-081103.c

http://www.bitsec.com/en/rad/bsa-081103.txt

http://www.debian.org/security/2008/dsa-1685

http://www.mandriva.com/security/advisories?name=MDVSA-2009:146

http://www.openwall.com/lists/oss-security/2008/11/03/3

http://www.openwall.com/lists/oss-security/2008/11/03/4

http://www.openwall.com/lists/oss-security/2008/11/03/5

http://www.securityfocus.com/archive/1/498002/100/0/threaded

http://www.securityfocus.com/bid/32072

http://www.vupen.com/english/advisories/2008/3042

http://www.washington.edu/alpine/tmailbug.html

https://bugzilla.redhat.com/show_bug.cgi?id=469667

https://exchange.xforce.ibmcloud.com/vulnerabilities/46281

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html