Format String Vulnerability in GNU Mailutils IMAP4D Server
CVE-2005-2878

Currently unrated

Key Information:

Vendor: Gnu
Status: Mailutils
Vendor: CVE Published:; 13 September 2005

Summary

The GNU Mailutils imap4d server contains a format string vulnerability in the handling of the SEARCH command, allowing remote authenticated users to execute arbitrary code on the server. This flaw arises from improper sanitization of user-supplied format specifiers, which can lead to potentially malicious exploitation. Attackers can exploit this vulnerability by crafting specific search commands, which may lead to unauthorized command execution within the server context.

References

http://savannah.gnu.org/patch/index.php?func=detailitem&i...

x_refsource_CONFIRM

http://secunia.com/advisories/17020

third-party-advisoryx_refsource_SECUNIA

http://www.gentoo.org/security/en/glsa/glsa-200509-10.xml

vendor-advisoryx_refsource_GENTOO

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 13, 2005
Vulnerability Reserved
Sep 13, 2005