Vulnerability Details: CVE-2005-2878
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
Vulnerability category: Execute code
Products affected by CVE-2005-2878
- cpe:2.3:a:gnu:mailutils:0.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-2878
- 87.48%: probability of exploitation activity in the next 30 days
- ~99%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-2878
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2005-2878
- http://www.idefense.com/application/poi/display?id=303&type=vulnerabilities&flashstatus=true (Exploit; Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/14794
- http://www.gentoo.org/security/en/glsa/glsa-200509-10.xml
  Mailutils: Format string vulnerability in imap4d (GLSA 200509-10) — Gentoo security
- http://marc.info/?l=bugtraq&m=112785181316043&w=2
  'FreeBSD GNU Mailutils 0.6 imap4d exploit' - MARC
- http://www.debian.org/security/2005/dsa-841
  [SECURITY] [DSA 841-1] New mailutils packages fix arbitrary code execution
- http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c
- http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407 (Patch)
  GNU Mailutils - Patches: patch #4407, Fix vulnerability in imap4d... [Savannah]