PT-2005-2514 · Gnu · Gnu Mailutils
Infamous41Md
·
Published
2005-05-26
·
Updated
2008-09-05
·
CVE-2005-1521
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
GNU Mailutils versions 0.5 through 0.6.89
Description
The issue is related to an integer overflow in the fetch io function of the imap4d server, which can be exploited by remote attackers to execute arbitrary code. This is achieved through a partial message request with a large value in the
END parameter, resulting in a heap-based buffer overflow.Recommendations
For GNU Mailutils versions 0.5 through 0.6.89, update to version 0.6.90 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gnu Mailutils