CVE-2008-5005 alpine

Metadata

critical
10.0
alpine
CVE-2008-5005
2017-06-18 07:03
CVE-2008-5005 uw-imap
CVE-2008-5005
2017-06-16 18:50
2017-04-01 19:11
2017-01-05 20:15

Description

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

None

Unaffected

Release Package Reason
stretch alpine
jessie alpine
buster alpine
wheezy alpine
sid alpine