Published: 14/10/2005 Updated: 08/03/2011

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line.

Vulnerable Product	Search on Vulmon	Subscribe to Product
up-imapproxy up-imapproxy 1.2.3
up-imapproxy up-imapproxy 1.2.4

Steve Kemp discovered two format string vulnerabilities in up-imapproxy, an IMAP protocol proxy, which may lead remote attackers to the execution of arbitrary code The old stable distribution (woody) is not affected by these problems For the stable distribution (sarge) these problems have been fixed in version 123-1sarge1 For the unstable dist ...

source: wwwsecurityfocuscom/bid/15048/info up-IMAPProxy is reported prone to multiple unspecified remote format-string vulnerabilities Successful exploitation could cause the application to crash or to execute arbitrary code in the context of the application Specific details of these issues are not currently known This BID will be up ...

NVD-CWE-Other http://www.debian.org/security/2005/dsa-852 http://www.securityfocus.com/bid/15048 http://secunia.com/advisories/17100/http://secunia.com/advisories/17120 http://www.gentoo.org/security/en/glsa/glsa-200603-04.xml http://secunia.com/advisories/19113 http://securityreason.com/securityalert/547 http://www.vupen.com/english/advisories/2005/2014 http://www.vupen.com/english/advisories/2005/2015 https://nvd.nist.gov https://www.debian.org/security/./dsa-852 https://www.exploit-db.com/exploits/26340/

CVE-2005-2661

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect