Vulnerability Name:

CVE-2005-1522 (CCN-20728)

Assigned:2005-05-25
Published:2005-05-25
Updated:2008-09-05
Summary:The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2005-1522

Source: CCN
Type: freshmeat.net Web site
GNU Mailutils - Default branch

Source: CCN
Type: SA15442
Mailutils Four Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
15442

Source: CCN
Type: SECTRACK ID: 1014052
GNU Mailutils Buffer Overflow and Format String Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1014052

Source: DEBIAN
Type: UNKNOWN
DSA-732

Source: DEBIAN
Type: DSA-732
mailutils -- several vulnerabilities

Source: CCN
Type: GLSA-200505-20
Mailutils: Multiple vulnerabilities in imap4d and mail

Source: CCN
Type: GNU Mailutils Web page
GNU Mailutils

Source: CCN
Type: iDEFENSE Security Advisory 05.25.05
GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability

Source: IDEFENSE
Type: Patch
20050525 GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability

Source: BID
Type: Patch
13765

Source: CCN
Type: BID-13765
GNU Mailutils Imap4d Remote Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
gnu-mailutils-fetch-dos(20728)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:mailutils:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailutils:0.6:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:gnu:mailutils:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailutils:0.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID: oval:org.debian:def:732
    Class: V
    Title: several vulnerabilities
    Last Modified: 2005-06-03
    gnu mailutils 0.5
    gnu mailutils 0.6
    debian debian linux 3.0
    gentoo linux *