Buffer overflow : Alpine tmail and dmail Buffer Overflow Vulnerabilities (Windows)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800150

Categoría: Buffer overflow

Título: Alpine tmail and dmail Buffer Overflow Vulnerabilities (Windows)

Resumen: The host has Alpine installed and is prone to Buffer Overflow; Vulnerabilities.

Descripción: Summary:
The host has Alpine installed and is prone to Buffer Overflow
Vulnerabilities.

Vulnerability Insight:
The flaws are due to boundary error in the tmail/dmail utility,
when processing overly long mailbox names composed of a username and +
character followed by a long string and also by specifying a long folder
extension argument on the command line.

Vulnerability Impact:
Successful exploitation allows execution of arbitrary code, but requires
that the utilities are configured as a delivery backend for a mail transfer
agent allowing overly long destination mailbox names.

Affected Software/OS:
University of Washington Alpine 2.00 and priror on Windows.

Solution:
Update to a higher version.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 32072
Common Vulnerability Exposure (CVE) ID: CVE-2008-5005
http://www.securityfocus.com/bid/32072
Bugtraq: 20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow (Google Search)
http://www.securityfocus.com/archive/1/498002/100/0/threaded
Debian Security Information: DSA-1685 (Google Search)
http://www.debian.org/security/2008/dsa-1685
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html
http://marc.info/?l=full-disclosure&m=122572590212610&w=4
http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
http://www.bitsec.com/en/rad/bsa-081103.c
http://www.bitsec.com/en/rad/bsa-081103.txt
http://www.washington.edu/alpine/tmailbug.html
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html
http://www.openwall.com/lists/oss-security/2008/11/03/3
http://www.openwall.com/lists/oss-security/2008/11/03/4
http://www.openwall.com/lists/oss-security/2008/11/03/5
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485
RedHat Security Advisories: RHSA-2009:0275
http://rhn.redhat.com/errata/RHSA-2009-0275.html
http://securitytracker.com/id?1021131
http://secunia.com/advisories/32483
http://secunia.com/advisories/32512
http://secunia.com/advisories/33142
http://secunia.com/advisories/33996
http://securityreason.com/securityalert/4570
http://www.vupen.com/english/advisories/2008/3042
XForce ISS Database: uwimapd-tmail-bo(46281)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46281

Copyright Copyright (C) 2008 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800150
Categoría:	Buffer overflow
Título:	Alpine tmail and dmail Buffer Overflow Vulnerabilities (Windows)
Resumen:	The host has Alpine installed and is prone to Buffer Overflow; Vulnerabilities.
Descripción:	Summary: The host has Alpine installed and is prone to Buffer Overflow Vulnerabilities. Vulnerability Insight: The flaws are due to boundary error in the tmail/dmail utility, when processing overly long mailbox names composed of a username and + character followed by a long string and also by specifying a long folder extension argument on the command line. Vulnerability Impact: Successful exploitation allows execution of arbitrary code, but requires that the utilities are configured as a delivery backend for a mail transfer agent allowing overly long destination mailbox names. Affected Software/OS: University of Washington Alpine 2.00 and priror on Windows. Solution: Update to a higher version. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	BugTraq ID: 32072 Common Vulnerability Exposure (CVE) ID: CVE-2008-5005 http://www.securityfocus.com/bid/32072 Bugtraq: 20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow (Google Search) http://www.securityfocus.com/archive/1/498002/100/0/threaded Debian Security Information: DSA-1685 (Google Search) http://www.debian.org/security/2008/dsa-1685 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html http://marc.info/?l=full-disclosure&m=122572590212610&w=4 http://www.mandriva.com/security/advisories?name=MDVSA-2009:146 http://www.bitsec.com/en/rad/bsa-081103.c http://www.bitsec.com/en/rad/bsa-081103.txt http://www.washington.edu/alpine/tmailbug.html http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html http://www.openwall.com/lists/oss-security/2008/11/03/3 http://www.openwall.com/lists/oss-security/2008/11/03/4 http://www.openwall.com/lists/oss-security/2008/11/03/5 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485 RedHat Security Advisories: RHSA-2009:0275 http://rhn.redhat.com/errata/RHSA-2009-0275.html http://securitytracker.com/id?1021131 http://secunia.com/advisories/32483 http://secunia.com/advisories/32512 http://secunia.com/advisories/33142 http://secunia.com/advisories/33996 http://securityreason.com/securityalert/4570 http://www.vupen.com/english/advisories/2008/3042 XForce ISS Database: uwimapd-tmail-bo(46281) https://exchange.xforce.ibmcloud.com/vulnerabilities/46281
Copyright	Copyright (C) 2008 Greenbone Networks GmbH