CVE-2008-5005: CVE-2008-5005

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-5005

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux和UNIX UW-IMAP tmail及dmail多个本地栈溢出漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

UW-IMAP是Linux和UNIX系统的免费IMAP服务，捆绑于各种Linux版本中。 tmail和dmail都是UW-IMAP所使用的邮件传输代理，这两个应用没有对从命令行所传送的文件名扩展名参数执行边界检查，如果用户提交了超长的文件夹名称的话就可以触发栈溢出。对于tmail，这个溢出可能导致以root用户权限执行任意代码；对于dmail，可能导致以收件人的权限执行任意代码。以下是存在漏洞的代码段： [tmail.c] char *getusername (char *s,char **t) { c

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2008-5005

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2008-5005

Please Login to view more intelligence information

http://www.washington.edu/alpine/tmailbug.htmlx_refsource_MISC
http://www.bitsec.com/en/rad/bsa-081103.txtx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=469667x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2009-065.htmx_refsource_CONFIRM
http://www.bitsec.com/en/rad/bsa-081103.cx_refsource_MISC
http://panda.com/imap/x_refsource_CONFIRM
http://securityreason.com/securityalert/4570third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/32512third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/32483third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/33996third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/33142third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/32072vdb-entryx_refsource_BID
http://securitytracker.com/id?1021131vdb-entryx_refsource_SECTRACK
http://www.debian.org/security/2008/dsa-1685vendor-advisoryx_refsource_DEBIAN
http://www.vupen.com/english/advisories/2008/3042vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2009:146vendor-advisoryx_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2009-0275.htmlvendor-advisoryx_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.htmlvendor-advisoryx_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.htmlvendor-advisoryx_refsource_FEDORA
https://exchange.xforce.ibmcloud.com/vulnerabilities/46281vdb-entryx_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485vdb-entrysignaturex_refsource_OVAL
http://www.openwall.com/lists/oss-security/2008/11/03/3mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2008/11/03/4mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2008/11/03/5mailing-listx_refsource_MLIST
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.htmlmailing-listx_refsource_MLIST
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.htmlmailing-listx_refsource_MLIST
http://www.securityfocus.com/archive/1/498002/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://marc.info/?l=full-disclosure&m=122572590212610&w=4mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2008-5005

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2008-5005

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2008-5005

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2008-5005

III. Intelligence Information for CVE-2008-5005

New Vulnerabilities

V. Comments for CVE-2008-5005

Leave a comment