CVE-2007-5466

EPSS 56.85%
Veröffentlicht 15.10.2007 23:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Extremail ≫ Extremail Version <= 2.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	56.85%	0.98

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/27220

Vendor Advisory

http://www.digit-labs.org/files/exploits/extremail-v4.c

http://www.digit-labs.org/files/exploits/extremail-v5.c

http://www.digit-labs.org/files/exploits/extremail-v6.c

http://www.digit-labs.org/files/exploits/extremail-v8.pl

http://www.securityfocus.com/archive/1/482293

http://www.securityfocus.com/bid/26074

https://exchange.xforce.ibmcloud.com/vulnerabilities/37209

https://www.exploit-db.com/exploits/4533

https://www.exploit-db.com/exploits/4534

https://www.exploit-db.com/exploits/4535