Executive Summary

Informations
Name CVE-2005-3354 First vendor Publication 2005-11-20
Vendor Cve Last vendor Modification 2017-07-11

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score 5.1 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3354

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 25

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200511-13 (sylpheed sylpheed-claws)
File : nvt/glsa_200511_13.nasl
2008-01-17 Name : Debian Security Advisory DSA 906-1 (sylpheed)
File : nvt/deb_906_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 908-1 (sylpheed-claws)
File : nvt/deb_908_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 924-1 (nbd)
File : nvt/deb_924_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
20675 Sylpheed Address Book LDIF Import Overflow

A flaw exists in the handling of importing LDIF files into the address book portion of Sylpheed. The flaw is triggered when a single line exceeds 2048 characters, and a stack-based overflow occurs. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-906.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-908.nasl - Type : ACT_GATHER_INFO
2006-01-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-237-1.nasl - Type : ACT_GATHER_INFO
2006-01-21 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-238-1.nasl - Type : ACT_GATHER_INFO
2005-11-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200511-13.nasl - Type : ACT_GATHER_INFO
2005-11-15 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-1063.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/15363
CONFIRM http://sylpheed.good-day.net/en/news.html
DEBIAN http://www.debian.org/security/2005/dsa-906
FEDORA http://www.xatrix.org/advisory.php?s=7282
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200511-13.xml
OSVDB http://osvdb.org/20675
SECUNIA http://secunia.com/advisories/17492
http://secunia.com/advisories/17525/
http://secunia.com/advisories/17540/
http://secunia.com/advisories/17678
http://secunia.com/advisories/17831/
SUSE http://www.novell.com/linux/security/advisories/2005_28_sr.html
VUPEN http://www.vupen.com/english/advisories/2005/2360
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/23028

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2021-05-04 12:03:15
  • Multiple Updates
2021-04-22 01:03:32
  • Multiple Updates
2020-05-23 00:16:55
  • Multiple Updates
2017-07-11 12:02:02
  • Multiple Updates
2016-06-28 15:23:02
  • Multiple Updates
2016-04-26 13:53:45
  • Multiple Updates
2014-02-17 10:33:19
  • Multiple Updates
2013-05-11 11:33:33
  • Multiple Updates