CVE-2008-5005

Severity: Unknown | EPSS: 6.35%

CVE-2008-5005 is a vulnerability of currently unknown severity. Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program. EPSS estimates a 6.35% chance of exploitation in the next 30 days.

Description

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

Metrics

EPSS Probability
6.35%

92.8th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| University of Washington | Alpine | 0.80 |
| University of Washington | Alpine | 0.81 |
| University of Washington | Alpine | 0.82 |
| University of Washington | Alpine | 0.83 |
| University of Washington | Alpine | 0.98 |
| University of Washington | Alpine | 0.99 |
| University of Washington | Alpine | 0.999 |
| University of Washington | Alpine | 0.9999 |
| University of Washington | Alpine | 0.99999 |
| University of Washington | Alpine | 0.999999 |
| University of Washington | Alpine | 1.00 |
| University of Washington | Alpine | 1.10 |
| University of Washington | Alpine | 2.00 |
| University of Washington | IMAP Toolkit | 2002 |
| University of Washington | IMAP Toolkit | 2003 |
| University of Washington | IMAP Toolkit | 2004 |
| University of Washington | IMAP Toolkit | 2005 |
| University of Washington | IMAP Toolkit | 2006 |
| University of Washington | IMAP Toolkit | 2007 |
| University of Washington | IMAP Toolkit | 2007c |

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

How severe is CVE-2008-5005?
Severity scoring for CVE-2008-5005 is pending analysis. The EPSS model estimates a 6.35% probability of exploitation in the next 30 days.
How do I fix CVE-2008-5005?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST