Vulnerability Description
The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vergenet | Perdition Mail Retrieval Proxy | <= 1.17 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2007-10/0889.htmlPatch
- http://secunia.com/advisories/27458Vendor Advisory
- http://secunia.com/advisories/27520Vendor Advisory
- http://www.debian.org/security/2007/dsa-1398
- http://www.sec-consult.com/300.html
- http://www.securityfocus.com/archive/1/483034/100/0/threaded
- http://www.securityfocus.com/bid/26270
- http://www.securitytracker.com/id?1018883
- http://www.vergenet.net/linux/perdition/ChangeLog.shtml
- http://www.vupen.com/english/advisories/2007/3677
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38184
- http://archives.neohapsis.com/archives/fulldisclosure/2007-10/0889.htmlPatch
- http://secunia.com/advisories/27458Vendor Advisory
- http://secunia.com/advisories/27520Vendor Advisory
- http://www.debian.org/security/2007/dsa-1398
FAQ
What is CVE-2007-5740?
CVE-2007-5740 is a vulnerability with a CVSS score of 7.5 (HIGH). The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a for...
How severe is CVE-2007-5740?
CVE-2007-5740 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5740?
Check the references section above for vendor advisories and patch information. Affected products include: Vergenet Perdition Mail Retrieval Proxy.