Alpine Tmail And Dmail Buffer Overflow Vulnerabilities (Win) Network Vulnerability

Summary

The host has Alpine installed and is prone to Buffer Overflow Vulnerabilities.

Impact

Successful exploitation allows execution of arbitrary code, but requires that the utilities are configured as a delivery backend for a mail transfer agent allowing overly long destination mailbox names. Impact Level: Application

Solution

Update to higher Version or Apply patches from, http://www.washington.edu/alpine/tmailbug.html ***** NOTE : Ignore this warning, if above mentioned patch is applied already. *****

Insight

The flaws are due to boundary error in the tmail/dmail utility, when processing overly long mailbox names composed of a username and + character followed by a long string and also by specifying a long folder extension argument on the command line.

Affected

University of Washington Alpine 2.00 and priror on Windows.

References

http://secunia.com/advisories/32483
http://www.frsirt.com/english/advisories/2008/3042/products
http://www.washington.edu/alpine/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5005

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

BaoFeng Storm ActiveX Control Buffer Overflow Vulnerability
BSPlayer Stack Overflow Vulnerability SRT
Adobe Flash Player Buffer Overflow Vulnerability (Mac OS X)
CA ARCserve Backup Multiple Bufffer Overflow Vulnerabilities
CCProxy CONNECTION Request Buffer Overflow Vulnerability

Alpine tmail and dmail Buffer Overflow Vulnerabilities (Win)

Take action and discover your vulnerabilities