Detections
Analytics

GNU Mailutils imap4d Search Command Remote Format String

medium Nessus Plugin ID 19605

Language:

Synopsis

The remote IMAP server is affected by a format string vulnerability.

Description

GNU Mailutils is a collection of mail utilities, including an IMAP4 daemon, a POP3 daemon, and a very simple mail client.

The remote host is running a version of GNU Mailutils containing a format string vulnerability in its IMAP4 daemon. By exploiting these issues, a remote attacker may be able to execute code remotely in the context of the user executing the daemon process, typically root.

Solution

Apply the patch referenced in the vendor advisory above.

See Also

http://www.nessus.org/u?b80e544b

http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407

Plugin Details

Severity: Medium

ID: 19605

File Name: gnu_mailutils_search_format_string.nasl

Version: 1.20

Type: remote

Published: 9/9/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.5

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:gnu:mailutils

Required KB Items: imap/login, imap/password

Excluded KB Items: imap/false_imap

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/9/2005

Vulnerability Publication Date: 9/9/2005

Reference Information

CVE: CVE-2005-2878

BID: 14794