Format String Vulnerability in GNU Mailutils IMAP4D Server
CVE-2005-2878

Currently unrated

Key Information:

Vendor

Gnu
Status
Mailutils
Vendor
CVE Published:
13 September 2005

What is CVE-2005-2878?

The GNU Mailutils imap4d server contains a format string vulnerability in the handling of the SEARCH command, allowing remote authenticated users to execute arbitrary code on the server. This flaw arises from improper sanitization of user-supplied format specifiers, which can lead to potentially malicious exploitation. Attackers can exploit this vulnerability by crafting specific search commands, which may lead to unauthorized command execution within the server context.

References

http://savannah.gnu.org/patch/index.php?func=detailitem&i...
x_refsource_CONFIRM
http://secunia.com/advisories/17020
third-party-advisoryx_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200509-10.xml
vendor-advisoryx_refsource_GENTOO

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2005-2878 : Format String Vulnerability in GNU Mailutils IMAP4D Server