Vulnerability Details : CVE-2008-5006
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2008-5006
- cpe:2.3:a:university_of_washington:imap_toolkit:2007b:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-5006
0.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-5006
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2008-5006
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-5006
-
Red Hat 2009-01-30The affected code is not used by any application shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5. The impact of this flaw is limited to a crash of the applications connecting to a misbehaving SMTP server. Due to those reasons, theres currently no plan to include the fix in the imap packages as shipped in Red Hat Enterprise Linux 2.1 and 3, and the libc-client packages as shipped in Red Hat Enterprise Linux 4 and 5.
References for CVE-2008-5006
-
http://www.securityfocus.com/bid/32280
-
http://www.debian.org/security/2008/dsa-1685
[SECURITY] [DSA 1685-1] New uw-imap packages fix multiple vulnerabilities
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
Mandriva
-
http://www.openwall.com/lists/oss-security/2008/11/03/5
oss-security - Re: CVE request - uw-imap
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/46604
Jump to