Vulnerability CVE-2003-0296 - CERT Civis.Net

Vulnerability Name:

CVE-2003-0296 (CCN-12289)

Assigned:

2003-05-14

Published:

2003-05-14

Updated:

2016-10-18

Summary:

The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Wed May 14 2003 - 13:49:20 CDT
Buffer overflows in multiple IMAP clients

Source: MITRE
Type: CNA
CVE-2003-0296

Source: MITRE
Type: CNA
CVE-2003-0297

Source: MITRE
Type: CNA
CVE-2003-0298

Source: MITRE
Type: CNA
CVE-2003-0300

Source: MITRE
Type: CNA
CVE-2003-0301

Source: MITRE
Type: CNA
CVE-2003-0302

Source: BUGTRAQ
Type: UNKNOWN
20030514 Buffer overflows in multiple IMAP clients

Source: CCN
Type: RHSA-2005-015
pine security update

Source: CCN
Type: RHSA-2005-114
imap security update

Source: CCN
Type: Gentoo Linux Security Announcement 200305-12
uw-imapd - buffer overflow

Source: CCN
Type: Mozilla Web site
mozilla.org

Source: CCN
Type: OSVDB ID: 11425
Eudora IMAP Client literal_size Remote Overflow

Source: CCN
Type: OSVDB ID: 57634
Evolution IMAP Client literal_size Remote Overflow

Source: CCN
Type: OSVDB ID: 57637
Sylpheed IMAP Client literal_size Remote Overflow

Source: CCN
Type: OSVDB ID: 57638
Microsoft Outlook Express IMAP Client literal_size Remote Overflow

Source: CCN
Type: BID-7603
Multiple IMAP Client Integer Overflow Vulnerabilities

Source: CCN
Type: University of Washington Web site
UW IMAP software -- IMAP Information Center

Source: CCN
Type: Ximian Web site
Ximian : Products : Ximian Evolution

Source: XF
Type: UNKNOWN
imap-clients-literalsize-bo(12289)

Vulnerable Configuration:

Configuration 1:

cpe:/a:ximian:evolution:1.2.4:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:university_of_washington:imap:2002b:*:*:*:*:*:*:*

AND

cpe:/a:university_of_washington:imap-2002b:*:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/a:qualcomm:eudora:5.2.1:*:*:*:*:*:*:*

OR cpe:/a:university_of_washington:pine:4.53:*:*:*:*:*:*:*

OR cpe:/a:ximian:evolution:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:*

OR cpe:/a:microsoft:outlook_express:6.00.2800.1106:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*

Denotes that component is vulnerable