Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2008-5005 (GCVE-0-2008-5005)

Vulnerability from nvd – Published: 2008-11-10 11:00 – Updated: 2024-08-07 10:40

Summary

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://panda.com/imap/	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2008/11/03/3	mailing-listx_refsource_MLIST
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.bitsec.com/en/rad/bsa-081103.txt	x_refsource_MISC
	http://www.bitsec.com/en/rad/bsa-081103.c	x_refsource_MISC
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2008/11/03/5	mailing-listx_refsource_MLIST
	http://www.washington.edu/alpine/tmailbug.html	x_refsource_MISC
	http://securityreason.com/securityalert/4570	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/archive/1/498002/100…	mailing-listx_refsource_BUGTRAQ
	http://mailman2.u.washington.edu/pipermail/imap-u…	mailing-listx_refsource_MLIST
	http://www.debian.org/security/2008/dsa-1685	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/32483	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/32072	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/33142	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=469667	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2009-0275.html	vendor-advisoryx_refsource_REDHAT
	http://marc.info/?l=full-disclosure&m=12257259021…	mailing-listx_refsource_FULLDISC
	http://mailman2.u.washington.edu/pipermail/imap-u…	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/33996	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/32512	third-party-advisoryx_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2008/11/03/4	mailing-listx_refsource_MLIST
	http://www.vupen.com/english/advisories/2008/3042	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1021131	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:40:16.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:10485",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://panda.com/imap/"
          },
          {
            "name": "[oss-security] 20081103 CVE request - uw-imap",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/11/03/3"
          },
          {
            "name": "FEDORA-2008-9396",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.bitsec.com/en/rad/bsa-081103.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.bitsec.com/en/rad/bsa-081103.c"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm"
          },
          {
            "name": "[oss-security] 20081103 Re: CVE request - uw-imap",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.washington.edu/alpine/tmailbug.html"
          },
          {
            "name": "4570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4570"
          },
          {
            "name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/498002/100/0/threaded"
          },
          {
            "name": "[imap-uw] 20081031 Security bug in tmail and dmail",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html"
          },
          {
            "name": "DSA-1685",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1685"
          },
          {
            "name": "32483",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32483"
          },
          {
            "name": "32072",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32072"
          },
          {
            "name": "uwimapd-tmail-bo(46281)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46281"
          },
          {
            "name": "33142",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33142"
          },
          {
            "name": "FEDORA-2008-9383",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469667"
          },
          {
            "name": "RHSA-2009:0275",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2009-0275.html"
          },
          {
            "name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=122572590212610\u0026w=4"
          },
          {
            "name": "[imap-uw] 20081031 Security bug in tmail and dmail",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html"
          },
          {
            "name": "33996",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33996"
          },
          {
            "name": "MDVSA-2009:146",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
          },
          {
            "name": "32512",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32512"
          },
          {
            "name": "[oss-security] 20081103 Re: CVE request - uw-imap",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/11/03/4"
          },
          {
            "name": "ADV-2008-3042",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3042"
          },
          {
            "name": "1021131",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021131"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and \u0027+\u0027 character followed by a long string, processed by the tmail or possibly dmail program."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:10485",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://panda.com/imap/"
        },
        {
          "name": "[oss-security] 20081103 CVE request - uw-imap",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/11/03/3"
        },
        {
          "name": "FEDORA-2008-9396",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.bitsec.com/en/rad/bsa-081103.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.bitsec.com/en/rad/bsa-081103.c"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm"
        },
        {
          "name": "[oss-security] 20081103 Re: CVE request - uw-imap",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.washington.edu/alpine/tmailbug.html"
        },
        {
          "name": "4570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4570"
        },
        {
          "name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/498002/100/0/threaded"
        },
        {
          "name": "[imap-uw] 20081031 Security bug in tmail and dmail",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html"
        },
        {
          "name": "DSA-1685",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1685"
        },
        {
          "name": "32483",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32483"
        },
        {
          "name": "32072",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32072"
        },
        {
          "name": "uwimapd-tmail-bo(46281)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46281"
        },
        {
          "name": "33142",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33142"
        },
        {
          "name": "FEDORA-2008-9383",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469667"
        },
        {
          "name": "RHSA-2009:0275",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2009-0275.html"
        },
        {
          "name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=122572590212610\u0026w=4"
        },
        {
          "name": "[imap-uw] 20081031 Security bug in tmail and dmail",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html"
        },
        {
          "name": "33996",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33996"
        },
        {
          "name": "MDVSA-2009:146",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
        },
        {
          "name": "32512",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32512"
        },
        {
          "name": "[oss-security] 20081103 Re: CVE request - uw-imap",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/11/03/4"
        },
        {
          "name": "ADV-2008-3042",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3042"
        },
        {
          "name": "1021131",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021131"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5005",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and \u0027+\u0027 character followed by a long string, processed by the tmail or possibly dmail program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:10485",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485"
            },
            {
              "name": "http://panda.com/imap/",
              "refsource": "CONFIRM",
              "url": "http://panda.com/imap/"
            },
            {
              "name": "[oss-security] 20081103 CVE request - uw-imap",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/11/03/3"
            },
            {
              "name": "FEDORA-2008-9396",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html"
            },
            {
              "name": "http://www.bitsec.com/en/rad/bsa-081103.txt",
              "refsource": "MISC",
              "url": "http://www.bitsec.com/en/rad/bsa-081103.txt"
            },
            {
              "name": "http://www.bitsec.com/en/rad/bsa-081103.c",
              "refsource": "MISC",
              "url": "http://www.bitsec.com/en/rad/bsa-081103.c"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm"
            },
            {
              "name": "[oss-security] 20081103 Re: CVE request - uw-imap",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
            },
            {
              "name": "http://www.washington.edu/alpine/tmailbug.html",
              "refsource": "MISC",
              "url": "http://www.washington.edu/alpine/tmailbug.html"
            },
            {
              "name": "4570",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4570"
            },
            {
              "name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/498002/100/0/threaded"
            },
            {
              "name": "[imap-uw] 20081031 Security bug in tmail and dmail",
              "refsource": "MLIST",
              "url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html"
            },
            {
              "name": "DSA-1685",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1685"
            },
            {
              "name": "32483",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32483"
            },
            {
              "name": "32072",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32072"
            },
            {
              "name": "uwimapd-tmail-bo(46281)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46281"
            },
            {
              "name": "33142",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33142"
            },
            {
              "name": "FEDORA-2008-9383",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=469667",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469667"
            },
            {
              "name": "RHSA-2009:0275",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2009-0275.html"
            },
            {
              "name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=122572590212610\u0026w=4"
            },
            {
              "name": "[imap-uw] 20081031 Security bug in tmail and dmail",
              "refsource": "MLIST",
              "url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html"
            },
            {
              "name": "33996",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33996"
            },
            {
              "name": "MDVSA-2009:146",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
            },
            {
              "name": "32512",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32512"
            },
            {
              "name": "[oss-security] 20081103 Re: CVE request - uw-imap",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/11/03/4"
            },
            {
              "name": "ADV-2008-3042",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3042"
            },
            {
              "name": "1021131",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021131"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5005",
    "datePublished": "2008-11-10T11:00:00",
    "dateReserved": "2008-11-10T00:00:00",
    "dateUpdated": "2024-08-07T10:40:16.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5005 (GCVE-0-2008-5005)

Vulnerability from cvelistv5 – Published: 2008-11-10 11:00 – Updated: 2024-08-07 10:40

Summary

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://panda.com/imap/	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2008/11/03/3	mailing-listx_refsource_MLIST
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.bitsec.com/en/rad/bsa-081103.txt	x_refsource_MISC
	http://www.bitsec.com/en/rad/bsa-081103.c	x_refsource_MISC
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2008/11/03/5	mailing-listx_refsource_MLIST
	http://www.washington.edu/alpine/tmailbug.html	x_refsource_MISC
	http://securityreason.com/securityalert/4570	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/archive/1/498002/100…	mailing-listx_refsource_BUGTRAQ
	http://mailman2.u.washington.edu/pipermail/imap-u…	mailing-listx_refsource_MLIST
	http://www.debian.org/security/2008/dsa-1685	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/32483	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/32072	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/33142	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=469667	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2009-0275.html	vendor-advisoryx_refsource_REDHAT
	http://marc.info/?l=full-disclosure&m=12257259021…	mailing-listx_refsource_FULLDISC
	http://mailman2.u.washington.edu/pipermail/imap-u…	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/33996	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/32512	third-party-advisoryx_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2008/11/03/4	mailing-listx_refsource_MLIST
	http://www.vupen.com/english/advisories/2008/3042	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1021131	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:40:16.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:10485",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://panda.com/imap/"
          },
          {
            "name": "[oss-security] 20081103 CVE request - uw-imap",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/11/03/3"
          },
          {
            "name": "FEDORA-2008-9396",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.bitsec.com/en/rad/bsa-081103.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.bitsec.com/en/rad/bsa-081103.c"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm"
          },
          {
            "name": "[oss-security] 20081103 Re: CVE request - uw-imap",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.washington.edu/alpine/tmailbug.html"
          },
          {
            "name": "4570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4570"
          },
          {
            "name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/498002/100/0/threaded"
          },
          {
            "name": "[imap-uw] 20081031 Security bug in tmail and dmail",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html"
          },
          {
            "name": "DSA-1685",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1685"
          },
          {
            "name": "32483",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32483"
          },
          {
            "name": "32072",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32072"
          },
          {
            "name": "uwimapd-tmail-bo(46281)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46281"
          },
          {
            "name": "33142",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33142"
          },
          {
            "name": "FEDORA-2008-9383",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469667"
          },
          {
            "name": "RHSA-2009:0275",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2009-0275.html"
          },
          {
            "name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=122572590212610\u0026w=4"
          },
          {
            "name": "[imap-uw] 20081031 Security bug in tmail and dmail",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html"
          },
          {
            "name": "33996",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33996"
          },
          {
            "name": "MDVSA-2009:146",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
          },
          {
            "name": "32512",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32512"
          },
          {
            "name": "[oss-security] 20081103 Re: CVE request - uw-imap",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/11/03/4"
          },
          {
            "name": "ADV-2008-3042",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3042"
          },
          {
            "name": "1021131",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021131"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and \u0027+\u0027 character followed by a long string, processed by the tmail or possibly dmail program."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:10485",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://panda.com/imap/"
        },
        {
          "name": "[oss-security] 20081103 CVE request - uw-imap",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/11/03/3"
        },
        {
          "name": "FEDORA-2008-9396",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.bitsec.com/en/rad/bsa-081103.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.bitsec.com/en/rad/bsa-081103.c"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm"
        },
        {
          "name": "[oss-security] 20081103 Re: CVE request - uw-imap",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.washington.edu/alpine/tmailbug.html"
        },
        {
          "name": "4570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4570"
        },
        {
          "name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/498002/100/0/threaded"
        },
        {
          "name": "[imap-uw] 20081031 Security bug in tmail and dmail",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html"
        },
        {
          "name": "DSA-1685",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1685"
        },
        {
          "name": "32483",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32483"
        },
        {
          "name": "32072",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32072"
        },
        {
          "name": "uwimapd-tmail-bo(46281)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46281"
        },
        {
          "name": "33142",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33142"
        },
        {
          "name": "FEDORA-2008-9383",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469667"
        },
        {
          "name": "RHSA-2009:0275",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2009-0275.html"
        },
        {
          "name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=122572590212610\u0026w=4"
        },
        {
          "name": "[imap-uw] 20081031 Security bug in tmail and dmail",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html"
        },
        {
          "name": "33996",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33996"
        },
        {
          "name": "MDVSA-2009:146",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
        },
        {
          "name": "32512",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32512"
        },
        {
          "name": "[oss-security] 20081103 Re: CVE request - uw-imap",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/11/03/4"
        },
        {
          "name": "ADV-2008-3042",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3042"
        },
        {
          "name": "1021131",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021131"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5005",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and \u0027+\u0027 character followed by a long string, processed by the tmail or possibly dmail program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:10485",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485"
            },
            {
              "name": "http://panda.com/imap/",
              "refsource": "CONFIRM",
              "url": "http://panda.com/imap/"
            },
            {
              "name": "[oss-security] 20081103 CVE request - uw-imap",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/11/03/3"
            },
            {
              "name": "FEDORA-2008-9396",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html"
            },
            {
              "name": "http://www.bitsec.com/en/rad/bsa-081103.txt",
              "refsource": "MISC",
              "url": "http://www.bitsec.com/en/rad/bsa-081103.txt"
            },
            {
              "name": "http://www.bitsec.com/en/rad/bsa-081103.c",
              "refsource": "MISC",
              "url": "http://www.bitsec.com/en/rad/bsa-081103.c"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm"
            },
            {
              "name": "[oss-security] 20081103 Re: CVE request - uw-imap",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/11/03/5"
            },
            {
              "name": "http://www.washington.edu/alpine/tmailbug.html",
              "refsource": "MISC",
              "url": "http://www.washington.edu/alpine/tmailbug.html"
            },
            {
              "name": "4570",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4570"
            },
            {
              "name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/498002/100/0/threaded"
            },
            {
              "name": "[imap-uw] 20081031 Security bug in tmail and dmail",
              "refsource": "MLIST",
              "url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html"
            },
            {
              "name": "DSA-1685",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1685"
            },
            {
              "name": "32483",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32483"
            },
            {
              "name": "32072",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32072"
            },
            {
              "name": "uwimapd-tmail-bo(46281)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46281"
            },
            {
              "name": "33142",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33142"
            },
            {
              "name": "FEDORA-2008-9383",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=469667",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=469667"
            },
            {
              "name": "RHSA-2009:0275",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2009-0275.html"
            },
            {
              "name": "20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=122572590212610\u0026w=4"
            },
            {
              "name": "[imap-uw] 20081031 Security bug in tmail and dmail",
              "refsource": "MLIST",
              "url": "http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html"
            },
            {
              "name": "33996",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33996"
            },
            {
              "name": "MDVSA-2009:146",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"
            },
            {
              "name": "32512",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32512"
            },
            {
              "name": "[oss-security] 20081103 Re: CVE request - uw-imap",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/11/03/4"
            },
            {
              "name": "ADV-2008-3042",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3042"
            },
            {
              "name": "1021131",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021131"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5005",
    "datePublished": "2008-11-10T11:00:00",
    "dateReserved": "2008-11-10T00:00:00",
    "dateUpdated": "2024-08-07T10:40:16.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

2 vulnerabilities found for alpine by university_of_washington

CVE-2008-5005 (GCVE-0-2008-5005)

CVE-2008-5005 (GCVE-0-2008-5005)