CVE-2007-5740
Published 2007-10-31
Priority P354 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 12.38% (95.7th percentile)
The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | perdition | < perdition 1.17.1-1 (bookworm) | perdition 1.17.1-1 (bookworm) |
| perdition | perdition | >= 0 < 1.17.1-1 | 1.17.1-1 |
| perdition | perdition | >= 0 < 1.17.1-1 | 1.17.1-1 |
| perdition | perdition | >= 0 < 1.17.1-1 | 1.17.1-1 |
| perdition | perdition | >= 0 < 1.17.1-1 | 1.17.1-1 |
| vergenet | perdition_mail_retrieval_proxy | <= 1.17 | — |
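CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | MEDIUM | — |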
GHSA
GHSA-h8w3-m7vj-q5mc: The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1
ghsa_unreviewed · 2022-05-01
CVE-2007-5740 [HIGH] CWE-134
OSV
CVE-2007-5740: The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1
osv · 2007-10-31 · CVSS 7.5
CVE-2007-5740 [HIGH]
Debian
CVE-2007-5740: perdition - The format string protection mechanism in IMAPD for Perdition Mail Retrieval Pro...
vendor_debian · 2007 · CVSS 7.5
CVE-2007-5740 [HIGH]
Scope: local
bookworm: resolved (fixed in 1.17.1-1)
bullseye: resolved (fixed in 1.17.1-1)
forky: resolved (fixed in 1.17.1-1)
sid: resolved (fixed in 1.17.1-1)
trixie: resolved (fixed in 1.17.1-1)
http://archives.neohapsis.com/archives/fulldisclosure/2007-10/0889.html
http://secunia.com/advisories/27458
http://secunia.com/advisories/27520
http://www.debian.org/security/2007/dsa-1398
http://www.sec-consult.com/300.html
http://www.securityfocus.com/archive/1/483034/100/0/threaded
http://www.securityfocus.com/bid/26270
http://www.securitytracker.com/id?1018883
http://www.vergenet.net/linux/perdition/ChangeLog.shtml
http://www.vupen.com/english/advisories/2007/3677
https://exchange.xforce.ibmcloud.com/vulnerabilities/38184