Vulnerability Name: CVE-2005-2933 (CCN-22518)
Assigned: 2005-10-04
Published: 2005-10-04
Updated: 2018-10-19
Summary: Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: SGI Type: UNKNOWN 20051201-01-U
  Source: SGI Type: UNKNOWN 20060501-01-U
  Source: CCN Type: Full-Disclosure Mailing List, Tue Oct 04 2005 - 16:49:52 CDT iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability
  Source: FULLDISC Type: Patch 20051004 iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability
  Source: MITRE Type: CNA CVE-2005-2933
  Source: CCN Type: RHSA-2005-848 libc-client security update
  Source: CCN Type: RHSA-2005-850 imap security update
  Source: CCN Type: RHSA-2006-0276 php security update
  Source: REDHAT Type: UNKNOWN RHSA-2006:0276
  Source: CCN Type: RHSA-2006-0501 php security update
  Source: CCN Type: RHSA-2006-0549 php security update for Stronghold
  Source: REDHAT Type: UNKNOWN RHSA-2006:0549
  Source: CCN Type: SA17062 UW-imapd Mailbox Name Parsing Buffer Overflow Vulnerability
  Source: SECUNIA Type: Patch, Vendor Advisory 17062
  Source: SECUNIA Type: UNKNOWN 17148
  Source: SECUNIA Type: UNKNOWN 17152
  Source: SECUNIA Type: UNKNOWN 17215
  Source: SECUNIA Type: UNKNOWN 17276
  Source: SECUNIA Type: UNKNOWN 17336
  Source: SECUNIA Type: UNKNOWN 17483
  Source: SECUNIA Type: UNKNOWN 17928
  Source: SECUNIA Type: UNKNOWN 17930
  Source: SECUNIA Type: UNKNOWN 17950
  Source: SECUNIA Type: UNKNOWN 18554
  Source: SECUNIA Type: UNKNOWN 19832
  Source: SECUNIA Type: UNKNOWN 20210
  Source: SECUNIA Type: UNKNOWN 20222
  Source: CCN Type: SA20951 Avaya Products PHP Multiple Vulnerabilities
  Source: SECUNIA Type: UNKNOWN 20951
  Source: SECUNIA Type: UNKNOWN 21252
  Source: CCN Type: SA21564 Avaya Products PHP Multiple Vulnerabilities
  Source: SECUNIA Type: UNKNOWN 21564
  Source: SREASON Type: UNKNOWN 47
  Source: CCN Type: SECTRACK ID: 1015000 UW-IMAP Buffer Overflow in Processing Mailbox Name Lets Remote Authenticated Users Execute Arbitrary Code
  Source: SECTRACK Type: UNKNOWN 1015000
  Source: SLACKWARE Type: UNKNOWN SSA:2005-310-06
  Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
  Source: CCN Type: ASA-2006-129 php security update (RHSA-2006-0276)
  Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
  Source: CCN Type: ASA-2006-160 php security update (RHSA-2006-0501)
  Source: DEBIAN Type: UNKNOWN DSA-861
  Source: DEBIAN Type: DSA-861 uw-imap -- buffer overflow
  Source: CCN Type: GLSA-200510-10 uw-imap: Remote buffer overflow
  Source: GENTOO Type: UNKNOWN GLSA-200510-10
  Source: CCN Type: iDEFENSE Security Advisory 10.04.05 UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability
  Source: IDEFENSE Type: Patch, Vendor Advisory 20051004 UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability
  Source: CCN Type: US-CERT VU#933601 UW-IMAP vulnerable to a buffer overflow
  Source: CERT-VN Type: US Government Resource VU#933601
  Source: MANDRIVA Type: UNKNOWN MDKSA-2005:189
  Source: MANDRIVA Type: UNKNOWN MDKSA-2005:194
  Source: SUSE Type: UNKNOWN SUSE-SR:2005:023
  Source: REDHAT Type: UNKNOWN RHSA-2005:848
  Source: REDHAT Type: UNKNOWN RHSA-2005:850
  Source: REDHAT Type: UNKNOWN RHSA-2006:0501
  Source: FEDORA Type: UNKNOWN FLSA:170411
  Source: FEDORA Type: UNKNOWN FLSA:184098
  Source: BID Type: UNKNOWN 15009
  Source: CCN Type: BID-15009 University Of Washington IMAP Mailbox Name Buffer Overflow Vulnerability
  Source: VUPEN Type: UNKNOWN ADV-2006-2685
  Source: CCN Type: UW-IMAP Web site IMAP Information Center
  Source: CONFIRM Type: Patch http://www.washington.edu/imap/
  Source: XF Type: UNKNOWN uw-imap-mailbox-name-bo(22518)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9858
  Source: SUSE Type: SUSE-SR:2005:023 SUSE Security Summary Report