PT-2005-3741 · Gnu · Gnu Mailutils

Gray

Published

2005-09-13

Updated

2016-10-18

CVE-2005-2878

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions GNU Mailutils version 0.6

Description The issue is related to a format string vulnerability in the search.c file of the imap4d server. This vulnerability allows remote authenticated users to execute arbitrary code by including format string specifiers in the SEARCH command.

Recommendations For GNU Mailutils version 0.6, consider disabling the SEARCH command functionality in the imap4d server until a patch is available. Restrict access to the imap4d server to minimize the risk of exploitation. Avoid using format string specifiers in the SEARCH command until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2878

DSA-841-1

DTSA-20-1

Affected Products

Gnu Mailutils

PT-2005-3741 · Gnu · Gnu Mailutils

CVE-2005-2878

Related Identifiers

Affected Products

References · 16