Integer Overflow Vulnerability in GNU Mailutils IMAP4D Server
CVE-2005-1521

Currently unrated

Key Information:

Vendor: Gnu
Status: Mailutils
Vendor: CVE Published:; 26 May 2005

Summary

The fetch_io function of the imap4d server in GNU Mailutils versions 0.5 and 0.6, as well as earlier releases up to version 0.6.90, is susceptible to an integer overflow. This vulnerability arises when a remote attacker sends a crafted partial message request containing a large value in the END parameter. The overflow can result in a heap-based buffer overflow, potentially allowing the attacker to execute arbitrary code on the affected system. It is crucial for users of affected versions to apply the necessary updates to mitigate this risk.

References

http://securitytracker.com/id?1014052

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/13763

vdb-entryx_refsource_BID

http://www.idefense.com/application/poi/display?id=248&ty...

third-party-advisoryx_refsource_IDEFENSE

Timeline

Vulnerability published
May 26, 2005
Vulnerability Reserved
May 12, 2005