Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2005-1523 | First vendor Publication | 2005-05-26 |
| Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1523 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200505-20 (mailutils) File : nvt/glsa_200505_20.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 732-1 (mailutils) File : nvt/deb_732_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 16857 | GNU Mailutils imap4d Server Client Command Format String Mailutils contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when format specifiers are sent as part of user-supplied commands, and are unchecked by the imap4d server. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | GNU Mailutils request tag format string vulnerability attempt RuleID : 12392 - Revision : 8 - Type : SERVER-MAIL |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-06-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-732.nasl - Type : ACT_GATHER_INFO |
| 2005-05-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200505-20.nasl - Type : ACT_GATHER_INFO |
| 2005-05-26 | Name : The remote mail server is affected by multiple issues. File : gnu_mailutils_060.nasl - Type : ACT_MIXED_ATTACK |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:22:08 |
|
| 2024-11-28 12:07:03 |
|
| 2021-05-04 12:02:57 |
|
| 2021-04-22 01:03:12 |
|
| 2020-05-23 00:16:33 |
|
| 2016-04-26 13:31:07 |
|
| 2014-02-17 10:31:22 |
|
| 2014-01-19 21:22:44 |
|
| 2013-05-11 11:25:59 |
|
