CVE: CVE-2008-5005

Export to Word

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

S9 – Sabotage of System/App

EPSS

Score: 0.06194
Percentile: 0.90424

CVSS Scoring

CVSS v2 Score: 10.0

Severity:

Mapped CWE(s)

CWE-119 : Improper Restriction of Operations within the Bounds of a Memory Buffer

All CAPEC(s)

CAPEC-10: Buffer Overflow via Environment Variables
CAPEC-100: Overflow Buffers
CAPEC-123: Buffer Manipulation
CAPEC-14: Client-side Injection-induced Buffer Overflow
CAPEC-24: Filter Failure through Buffer Overflow
CAPEC-42: MIME Conversion
CAPEC-44: Overflow Binary Resource File
CAPEC-45: Buffer Overflow via Symbolic Links
CAPEC-46: Overflow Variables and Tags
CAPEC-47: Buffer Overflow via Parameter Expansion
CAPEC-8: Buffer Overflow in an API Call
CAPEC-9: Buffer Overflow in Local Command-Line Utilities

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:university_of_washington:alpine:0.80:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:alpine:0.81:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:alpine:0.82:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:alpine:0.83:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:alpine:0.98:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:alpine:0.99:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:alpine:0.999:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:alpine:0.9999:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:alpine:0.99999:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:alpine:0.999999:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:alpine:1.00:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:alpine:1.10:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:alpine:2.00:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:imap_toolkit:2002:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:imap_toolkit:2003:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:imap_toolkit:2004:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:imap_toolkit:2005:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:imap_toolkit:2006:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:imap_toolkit:2007:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:imap_toolkit:2007c:*:*:*:*:*:*:*

← Back to Home