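Low severity: uw-imap buffer overflow code execution vulnerability

CVE ID

CVE-2005-2933

Exploitation status

None known

Patch status

Official patch

Disclosure date

2005-10-14
Vulnerability description
In versions before imap-2004g, a buffer overflow in the mail_valid_net_parse_work function in mail.c of Washington's IMAP Server (UW-IMAP) allows remote attackers to execute arbitrary code via a mailbox name that contains a single double-quote (") character with no closing quote, which causes the bytes after the double quote to be copied into a buffer indefinitely.

Recommended fix
Update the affected system or software to the latest version to remediate the vulnerability.
Reference links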
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://secunia.com/advisories/17062/
http://secunia.com/advisories/17148
http://secunia.com/advisories/17152
http://secunia.com/advisories/17215
http://secunia.com/advisories/17276
http://secunia.com/advisories/17336
http://secunia.com/advisories/17483
http://secunia.com/advisories/17928
http://secunia.com/advisories/17930
http://secunia.com/advisories/17950
http://secunia.com/advisories/18554
http://secunia.com/advisories/19832
http://secunia.com/advisories/20210
http://secunia.com/advisories/20222
http://secunia.com/advisories/20951
http://secunia.com/advisories/21252
http://secunia.com/advisories/21564
http://securityreason.com/securityalert/47
http://securitytracker.com/id?1015000
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackw...
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://www.debian.org/security/2005/dsa-861
http://www.gentoo.org/security/en/glsa/glsa-200510-10.xml
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&f...
http://www.kb.cert.org/vuls/id/933601
http://www.mandriva.com/security/advisories?name=MDKSA-2005:189
http://www.mandriva.com/security/advisories?name=MDKSA-2005:194
http://www.novell.com/linux/security/advisories/2005_23_sr.html
http://www.redhat.com/support/errata/RHSA-2005-848.html
http://www.redhat.com/support/errata/RHSA-2005-850.html
http://www.redhat.com/support/errata/RHSA-2006-0501.html
http://www.securityfocus.com/archive/1/430296/100/0/threaded
http://www.securityfocus.com/archive/1/430303/100/0/threaded
http://www.securityfocus.com/bid/15009
http://www.vupen.com/english/advisories/2006/2685
http://www.washington.edu/imap/
https://exchange.xforce.ibmcloud.com/vulnerabilities/22518
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
Affected software
#  Type         Vendor                    Product  Version  Affected range
1  Running in the following environments:
   Application  university_of_washington  uw-imap  *        Up to (including) 2004f
   Application  university_of_washington  uw-imap  2004     -
   Application  university_of_washington  uw-imap  2004a    -
   Application  university_of_washington  uw-imap  2004b    -
   Application  university_of_washington  uw-imap  2004c    -
   Application  university_of_washington  uw-imap  2004d    -
   Application  university_of_washington  uw-imap  2004e    -
   System       debian_10                 alpine   *        Up to (excluding) 2.21+dfsg1-1.1
   System       debian_11                 alpine   *        Up to (excluding) 2.24+dfsg1-1
   System       debian_12                 alpine   *        Up to (excluding) 2.26+dfsg-1
   System       debian_3.1                uw-imap  *        Up to (excluding) 7:2002edebian1-11sarge1
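Alibaba Cloud score
3.6
  • Attack path
    Remote
  • Attack complexity
    Easy
  • Privileges required
    None
  • Scope of impact
    Limited
  • Exploit (EXP) maturity
    Unverified
  • Patch status
    Official patch
  • Data confidentiality
    No impact
  • Data integrity
    Transmission compromised
  • Server impact
    No impact
  • Internet-wide count
    N/A
CWE-ID Vulnerability type
NVD-CWE-Other
Alibaba Cloud security product coverage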