This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200505-20
(Mailutils: Multiple vulnerabilities in imap4d and mail)
infamous41d discovered several vulnerabilities in GNU Mailutils.
imap4d does not correctly implement formatted printing of command tags
(CAN-2005-1523), fails to validate the range sequence of the 'FETCH'
command (CAN-2005-1522), and contains an integer overflow in the
'fetch_io' routine (CAN-2005-1521). mail contains a buffer overflow in
A remote attacker can exploit the format string and integer
overflow in imap4d to execute arbitrary code as the imap4d user, which
is usually root. By sending a specially crafted email message, a remote
attacker could exploit the buffer overflow in the 'mail' utility to
execute arbitrary code with the rights of the user running mail.
Finally, a remote attacker can also trigger a Denial of Service by
sending a malicious FETCH command to an affected imap4d, causing
excessive resource consumption.
There are no known workarounds at this time.
See also :
All GNU Mailutils users should upgrade to the latest available
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-mail/mailutils-0.6-r1'
Risk factor :
High / CVSS Base Score : 7.5
Family: Gentoo Local Security Checks
Nessus Plugin ID: 18384 (gentoo_GLSA-200505-20.nasl)
CVE ID: CVE-2005-1520, CVE-2005-1521, CVE-2005-1522, CVE-2005-1523