GNU Mailutils imap4d Search Command Remote Format String

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.

Synopsis :

The remote IMAP server is affected by a format string vulnerability.

Description :

GNU Mailutils is a collection of mail utilities, including an IMAP4
daemon, a POP3 daemon, and a very simple mail client.

The remote host is running a version of GNU Mailutils containing a
format string vulnerability in its IMAP4 daemon. By exploiting these
issues, a remote attacker may be able to execute code remotely in the
context of the user executing the daemon process, typically root.

See also :

Solution :

Apply the patch referenced in the vendor advisory above.

Risk factor :

Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.4
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 19605 (gnu_mailutils_search_format_string.nasl)

Bugtraq ID: 14794

CVE ID: CVE-2005-2878

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now