Vulnerabilities > CVE-2005-1824 - Unspecified vulnerability in GNU Mailutils 1.0.6.1.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200506-02.NASL description The remote host is affected by the vulnerability described in GLSA-200506-02 (Mailutils: SQL Injection) When GNU Mailutils is built with the last seen 2020-06-01 modified 2020-06-02 plugin id 18425 published 2005-06-07 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18425 title GLSA-200506-02 : Mailutils: SQL Injection NASL family Gain a shell remotely NASL id GNU_MAILUTILS_060.NASL description GNU Mailutils is a collection of mail utilities, including an IMAP4 daemon, a POP3 daemon, and a very simple mail client. The remote host is running a version of GNU Mailutils containing several critical flaws in its IMAP4 daemon and its mail client last seen 2020-06-01 modified 2020-06-02 plugin id 18371 published 2005-05-26 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18371 title GNU Mailutils <= 0.6 Multiple Vulnerabilities