Executive Summary

Informations
Name CVE-2008-5006 First vendor Publication 2008-11-10
Vendor Cve Last vendor Modification 2017-08-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5006

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19876
 
Oval ID: oval:org.mitre.oval:def:19876
Title: DSA-1685-1 uw-imap - multiple vulnerabilities
Description: Two vulnerabilities have been found in uw-imap, an IMAP implementation.
Family: unix Class: patch
Reference(s): DSA-1685-1
CVE-2008-5005
CVE-2008-5006
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): uw-imap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8142
 
Oval ID: oval:org.mitre.oval:def:8142
Title: DSA-1685 uw-imap -- buffer overflows, null pointer dereference
Description: Two vulnerabilities have been found in uw-imap, an IMAP implementation. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that several buffer overflows can be triggered via a long folder extension argument to the tmail or dmail program. This could lead to arbitrary code execution (CVE-2008-5005). It was discovered that a NULL pointer dereference could be triggered by a malicious response to the QUIT command leading to a denial of service (CVE-2008-5006).
Family: unix Class: patch
Reference(s): DSA-1685
CVE-2008-5005
CVE-2008-5006
 Version: 3
Platform(s): Debian GNU/Linux 4.0
 Product(s): uw-imap
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2010-01-07 Name : Gentoo Security Advisory GLSA 201001-03 (php)
File : nvt/glsa_201001_03.nasl
2009-12-30 Name : Mandriva Security Advisory MDVSA-2009:146-1 (imap)
File : nvt/mdksa_2009_146_1.nasl
2009-12-03 Name : Gentoo Security Advisory GLSA 200911-03 (c-client uw-imap)
File : nvt/glsa_200911_03.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:166 (c-client)
File : nvt/mdksa_2009_166.nasl
2009-07-06 Name : Mandrake Security Advisory MDVSA-2009:146 (imap)
File : nvt/mdksa_2009_146.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1)
File : nvt/suse_sr_2009_001.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0)
File : nvt/suse_sr_2009_001a.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3)
File : nvt/suse_sr_2009_001b.nasl
2008-12-23 Name : Debian Security Advisory DSA 1685-1 (uw-imap)
File : nvt/deb_1685_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
49793 IMAP Toolkit c-client Library smtp.c Malformed QUIT Command Syntax Remote DoS

Nessus® Vulnerability Scanner

Date Description
2010-02-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201001-03.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-03.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_imap-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_imap-081217.nasl - Type : ACT_GATHER_INFO
2009-06-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-146.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote openSUSE host is missing a security update.
File : suse_imap-5868.nasl - Type : ACT_GATHER_INFO
2008-12-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1685.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/32280
DEBIAN http://www.debian.org/security/2008/dsa-1685
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
MLIST http://www.openwall.com/lists/oss-security/2008/11/03/5
SECUNIA http://secunia.com/advisories/33142
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/46604

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2021-05-04 12:08:19
  • Multiple Updates
2021-04-22 01:08:40
  • Multiple Updates
2020-05-23 00:22:33
  • Multiple Updates
2017-08-08 09:24:30
  • Multiple Updates
2016-04-26 18:00:43
  • Multiple Updates
2014-02-17 10:47:11
  • Multiple Updates
2013-05-11 00:30:11
  • Multiple Updates