FKIE_CVE-2005-2662

Vulnerability from fkie_nvd - Published: 2005-09-21 19:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
masqmail before 0.2.18 allows remote attackers to execute arbitrary commands via crafted e-mail addresses that are not properly sanitized when creating a failed delivery message.
References
security@debian.orghttp://secunia.com/advisories/16883
security@debian.orghttp://secunia.com/advisories/17109
security@debian.orghttp://www.debian.org/security/2005/dsa-848
security@debian.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2005:168Patch, Vendor Advisory
security@debian.orghttp://www.osvdb.org/displayvuln.php?osvdb_id=19583
security@debian.orghttp://www.securityfocus.com/bid/14890
security@debian.orghttp://www.vupen.com/english/advisories/2005/1807
security@debian.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/22346
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/16883
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17109
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2005/dsa-848
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2005:168Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/displayvuln.php?osvdb_id=19583
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/14890
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/1807
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/22346
Impacted products
Vendor Product Version
masqmail masqmail 0.0.0
masqmail masqmail 0.0.1
masqmail masqmail 0.0.2
masqmail masqmail 0.0.3
masqmail masqmail 0.0.4
masqmail masqmail 0.0.6
masqmail masqmail 0.0.7
masqmail masqmail 0.0.8
masqmail masqmail 0.0.9
masqmail masqmail 0.0.10
masqmail masqmail 0.0.11
masqmail masqmail 0.0.13
masqmail masqmail 0.1.0
masqmail masqmail 0.1.1
masqmail masqmail 0.1.2
masqmail masqmail 0.1.3
masqmail masqmail 0.1.4
masqmail masqmail 0.1.5
masqmail masqmail 0.1.6
masqmail masqmail 0.1.7
masqmail masqmail 0.1.8
masqmail masqmail 0.1.9
masqmail masqmail 0.1.10
masqmail masqmail 0.1.11
masqmail masqmail 0.1.12
masqmail masqmail 0.2.0
masqmail masqmail 0.2.1
masqmail masqmail 0.2.2
masqmail masqmail 0.2.3
masqmail masqmail 0.2.4
masqmail masqmail 0.2.5
masqmail masqmail 0.2.6
masqmail masqmail 0.2.7
masqmail masqmail 0.2.8
masqmail masqmail 0.2.9
masqmail masqmail 0.2.10
masqmail masqmail 0.2.11
masqmail masqmail 0.2.12
masqmail masqmail 0.2.13
masqmail masqmail 0.2.14
masqmail masqmail 0.2.15
masqmail masqmail 0.2.16
masqmail masqmail 0.2.17
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27A68123-4DD9-4830-AB08-22158B165D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3185B6E3-8461-433F-B99D-6317760BA39A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5BC49C-C86C-4DBB-8853-8838AF64C5FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A365F9D-D1F5-4809-94F5-CCE99ACBBC18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "28DF3F37-A462-4765-AC57-86A012FB2BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA5F557-B379-4817-8641-52166BF377BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22543A3-50D9-40EE-8E38-DEB689979C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "57643AB3-E146-406B-9181-A1884154215B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2E7934-3F5C-47F4-BBD9-8F28D15F77DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "45284864-C048-47CB-8605-D65F53573112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4215BBC-2BF0-442E-BDCB-470A3BE41897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C4DAE9-CF55-459A-8832-C83488617A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "624F1C66-698D-4DCD-82CC-737C41C8675D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA15EFE5-4CE4-4013-BB28-2D30A51170A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E25178-EA89-451C-84A2-0328190481F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F09AEBFD-021A-48E7-BC2F-4E2195D94BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "459FEC27-B87B-470A-944C-8B4DA453E8FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB11DE09-1622-4566-A1F8-0634F3D4CA4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30ED9745-5B8D-4F2E-8904-00B8118CFEE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0623ADEA-8131-4BFD-9442-5837EE3C0C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FFECA71-AC24-48DA-9449-F1490AFC05A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A2FD795-09DB-46A1-87DD-6CA4D0865950",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "81B01E23-DD31-4786-9A03-67FD786681E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C3774-9ABD-4D66-840C-8599EB3B8889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C5624-FF26-4AA9-B4B1-A4C397FDA67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA05A312-AC06-455F-8B7A-C5970FB84622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3BD137-DEB0-4088-A4FF-25EF783E4D7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7402381F-E2D9-45C5-98D6-F2AF95495A93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "361D93C9-1B1A-498D-BE8C-E8503E087804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "32BAE956-6452-4F0F-9F0B-0DA07D8804A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B01E033C-58E9-4CBE-AD52-6B93B74BA613",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE57A1ED-6E75-40E5-87CD-07AE9169483D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "727764E6-1304-4A82-9DF4-1B3EFAB42E58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBBCAB4E-1352-4E16-8233-0AB95165F717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D78F4E9D-17C9-4350-8864-B38FA4678F02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6924D84E-4A77-4B43-A9DB-63DCDB5F675C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "263988ED-6403-4C94-9F19-E703347F7159",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A8D48D-3F8A-414E-8E5E-5DCF17934392",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA37BC96-D623-4EB4-9C40-6C9A1CB4EFE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "21C15571-BCB7-474A-8063-C59FABA29A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9A0F39-BFC5-4D2A-B000-787BCC5FEAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E6A806-929A-4198-9859-A65E32055A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:masqmail:masqmail:0.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE6FA46-A8B1-4D0C-9E40-192E0231DC3C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "masqmail before 0.2.18 allows remote attackers to execute arbitrary commands via crafted e-mail addresses that are not properly sanitized when creating a failed delivery message."
    }
  ],
  "id": "CVE-2005-2662",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-09-21T19:03:00.000",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://secunia.com/advisories/16883"
    },
    {
      "source": "security@debian.org",
      "url": "http://secunia.com/advisories/17109"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2005/dsa-848"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:168"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=19583"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.securityfocus.com/bid/14890"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.vupen.com/english/advisories/2005/1807"
    },
    {
      "source": "security@debian.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/16883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2005/dsa-848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=19583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/14890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/1807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22346"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.