Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Gain a shell remotely --> Category: attack

GNU Mailutils imap4d Search Command Format String Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Checks for search command format string vulnerability in GNU Mailutils imap4d

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote IMAP server is affected by a format string vulnerability.

Description :

GNU Mailutils is a collection of mail utilities, including an IMAP4
daemon, a POP3 daemon, and a very simple mail client.

The remote host is running a version of GNU Mailutils containing a
format string vulnerability in its IMAP4 daemon. By exploiting these
issues, a remote attacker may be able to execute code remotely in the
context of the user executing the daemon process, typically root.

See also :

http://www.idefense.com/application/poi/display?id=303&type=vulnerabilities
http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407

Solution :

Apply the patch referenced in the vendor advisory above.

Threat Level:

Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:R/C:P/A:P/I:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.