Vulnerability Name:

CVE-2005-0667 (CCN-19600)

Assigned: 2005-03-07
Published: 2005-03-07
Updated: 2008-09-05
Summary: Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2005-0667

Source: CCN
Type: RHSA-2005-303
sylpheed security update

Source: CCN
Type: SA14491
Sylpheed Message Reply Buffer Overflow Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
14491

Source: CCN
Type: SECTRACK ID: 1013376
Sylpheed Buffer Overflow in Processing Message Headers May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Vendor Advisory
1013376

Source: CCN
Type: Sylpheed Web site
Sylpheed - a GTK+ based, lightweight, and fast e-mail client -

Source: CONFIRM
Type: Patch, Vendor Advisory
http://sylpheed.good-day.net/changelog-devel.html.en

Source: CONFIRM
Type: Patch, Vendor Advisory
http://sylpheed.good-day.net/changelog.html.en

Source: CCN
Type: CIAC INFORMATION BULLETIN P-155
Sylpheed Security Update

Source: CCN
Type: GLSA-200503-26
Sylpheed, Sylpheed-claws: Message reply overflow

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200503-26

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:303

Source: CCN
Type: BID-12730
Sylpheed Mail Client Buffer Overflow Vulnerability

Source: CCN
Type: TLSA-2005-44
Two vulnerabilities discovered in Sylpheed

Source: XF
Type: UNKNOWN
sylpheed-message-header-bo(19600)

Source: SUSE
Type: SUSE-SR:2005:011
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sylpheed:sylpheed:0.8.11:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.9:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.10:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.11:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.12:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.99:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed-claws:sylpheed-claws:1.0.2:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*
  • OR cpe:/o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.opensuse.security:def:20050667
Class: V
Title: CVE-2005-0667
Last Modified: 2015-11-16