National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2008-5006 Detail

Description

smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.

Source:  MITRE      Last Modified:  11/10/2008

Quick Info

CVE Dictionary Entry:
CVE-2008-5006
Original release date:
11/10/2008
Last revised:
08/07/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
5.0 MEDIUM
Vector:
(AV:N/AC:L/Au:N/C:N/I:N/A:P) (legend)
Impact Subscore:
2.9
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (01/30/2009)

The affected code is not used by any application shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5. The impact of this flaw is limited to a crash of the applications connecting to a misbehaving SMTP server. Due to those reasons, theres currently no plan to include the fix in the imap packages as shipped in Red Hat Enterprise Linux 2.1 and 3, and the libc-client packages as shipped in Red Hat Enterprise Linux 4 and 5.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://www.debian.org/security/2008/dsa-1685 External Source DEBIAN DSA-1685
http://www.mandriva.com/security/advisories?name=MDVSA-2009:146 External Source MANDRIVA MDVSA-2009:146
http://www.openwall.com/lists/oss-security/2008/11/03/5 External Source MLIST [oss-security] 20081103 Re: CVE request - uw-imap
http://www.securityfocus.com/bid/32280 External Source BID 32280
https://exchange.xforce.ibmcloud.com/vulnerabilities/46604 External Source XF imap-toolkit-smtp-dos(46604)

Technical Details

Vulnerability Type (View All)

Change History 2 change records found - show changes