Vulnerability Description
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Balsa | 1.1.7 |
Related Weaknesses (CWE)
References
- http://bugs.gentoo.org/show_bug.cgi?id=193179 (Exploit)
- http://bugzilla.gnome.org/show_bug.cgi?id=474366
- http://mail.gnome.org/archives/balsa-list/2007-September/msg00010.html (Patch)
- http://osvdb.org/40585
- http://secunia.com/advisories/26947 (Vendor Advisory)
- http://secunia.com/advisories/26987 (Vendor Advisory)
- http://secunia.com/advisories/27272 (Vendor Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml
- http://www.novell.com/linux/security/advisories/2007_19_sr.html
- http://www.securityfocus.com/bid/25777 (Patch)
- http://www.vupen.com/english/advisories/2007/3263
- https://bugzilla.redhat.com/show_bug.cgi?id=297581
FAQ
What is CVE-2007-5007?
CVE-2007-5007 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
How severe is CVE-2007-5007?
CVE-2007-5007 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-5007?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Balsa.