Vulnerabilities > CVE-2005-1523 - Unspecified vulnerability in GNU Mailutils 0.5/0.6
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | GNU Mailutils imap4d <= 0.6 Remote Format String Exploit. CVE-2005-1523. Remote exploit for linux platform |
| id | EDB-ID:1123 |
| last seen | 2016-01-31 |
| modified | 2005-08-01 |
| published | 2005-08-01 |
| reporter | CoKi |
| source | https://www.exploit-db.com/download/1123/ |
| title | GNU Mailutils imap4d <= 0.6 - Remote Format String Exploit |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200505-20.NASL description The remote host is affected by the vulnerability described in GLSA-200505-20 (Mailutils: Multiple vulnerabilities in imap4d and mail) infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags (CAN-2005-1523), fails to validate the range sequence of the last seen 2020-06-01 modified 2020-06-02 plugin id 18384 published 2005-05-28 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18384 title GLSA-200505-20 : Mailutils: Multiple vulnerabilities in imap4d and mail code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200505-20. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(18384); script_version("1.22"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2005-1520", "CVE-2005-1521", "CVE-2005-1522", "CVE-2005-1523"); script_xref(name:"GLSA", value:"200505-20"); script_name(english:"GLSA-200505-20 : Mailutils: Multiple vulnerabilities in imap4d and mail"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200505-20 (Mailutils: Multiple vulnerabilities in imap4d and mail) infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags (CAN-2005-1523), fails to validate the range sequence of the 'FETCH' command (CAN-2005-1522), and contains an integer overflow in the 'fetch_io' routine (CAN-2005-1521). mail contains a buffer overflow in 'header_get_field_name()' (CAN-2005-1520). Impact : A remote attacker can exploit the format string and integer overflow in imap4d to execute arbitrary code as the imap4d user, which is usually root. By sending a specially crafted email message, a remote attacker could exploit the buffer overflow in the 'mail' utility to execute arbitrary code with the rights of the user running mail. Finally, a remote attacker can also trigger a Denial of Service by sending a malicious FETCH command to an affected imap4d, causing excessive resource consumption. Workaround : There are no known workarounds at this time." ); # http://www.idefense.com/application/poi/display?id=249&type=vulnerabilities script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?25ab4cb8" ); # http://www.idefense.com/application/poi/display?id=248&type=vulnerabilities script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d6033f90" ); # http://www.idefense.com/application/poi/display?id=247&type=vulnerabilities script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ceebb2fd" ); # http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f7b7be14" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200505-20" ); script_set_attribute( attribute:"solution", value: "All GNU Mailutils users should upgrade to the latest available version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-mail/mailutils-0.6-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mailutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/05/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/28"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-mail/mailutils", unaffected:make_list("ge 0.6-r1"), vulnerable:make_list("lt 0.6-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mailutils"); }NASL family Gain a shell remotely NASL id GNU_MAILUTILS_060.NASL description GNU Mailutils is a collection of mail utilities, including an IMAP4 daemon, a POP3 daemon, and a very simple mail client. The remote host is running a version of GNU Mailutils containing several critical flaws in its IMAP4 daemon and its mail client last seen 2020-06-01 modified 2020-06-02 plugin id 18371 published 2005-05-26 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18371 title GNU Mailutils <= 0.6 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-732.NASL description 'infamous41md last seen 2020-06-01 modified 2020-06-02 plugin id 18519 published 2005-06-17 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18519 title Debian DSA-732-1 : mailutils - several vulnerabilities
References
- http://secunia.com/advisories/15442
- http://secunia.com/advisories/15442
- http://securitytracker.com/id?1014052
- http://securitytracker.com/id?1014052
- http://www.debian.org/security/2005/dsa-732
- http://www.debian.org/security/2005/dsa-732
- http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities
- http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities
- http://www.securityfocus.com/bid/13764
- http://www.securityfocus.com/bid/13764