CVE-2008-5005

N/A Unknown
Published: November 10, 2008 Modified: April 23, 2026
View on NVD

Description

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html
Source: cve@mitre.org
Patch
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html
Source: cve@mitre.org
http://marc.info/?l=full-disclosure&m=122572590212610&w=4
Source: cve@mitre.org
http://panda.com/imap/
Source: cve@mitre.org
http://rhn.redhat.com/errata/RHSA-2009-0275.html
Source: cve@mitre.org
http://secunia.com/advisories/32483
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/32512
Source: cve@mitre.org
http://secunia.com/advisories/33142
Source: cve@mitre.org
http://secunia.com/advisories/33996
Source: cve@mitre.org
http://securityreason.com/securityalert/4570
Source: cve@mitre.org
http://securitytracker.com/id?1021131
Source: cve@mitre.org
http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm
Source: cve@mitre.org
http://www.bitsec.com/en/rad/bsa-081103.c
Source: cve@mitre.org
URL Repurposed
http://www.bitsec.com/en/rad/bsa-081103.txt
Source: cve@mitre.org
URL Repurposed
http://www.debian.org/security/2008/dsa-1685
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
Source: cve@mitre.org
http://www.openwall.com/lists/oss-security/2008/11/03/3
Source: cve@mitre.org
http://www.openwall.com/lists/oss-security/2008/11/03/4
Source: cve@mitre.org
http://www.openwall.com/lists/oss-security/2008/11/03/5
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/498002/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/32072
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2008/3042
Source: cve@mitre.org
http://www.washington.edu/alpine/tmailbug.html
Source: cve@mitre.org
https://bugzilla.redhat.com/show_bug.cgi?id=469667
Source: cve@mitre.org
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/46281
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html
Source: cve@mitre.org
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://marc.info/?l=full-disclosure&m=122572590212610&w=4
Source: af854a3a-2127-422b-91ae-364da2661108
http://panda.com/imap/
Source: af854a3a-2127-422b-91ae-364da2661108
http://rhn.redhat.com/errata/RHSA-2009-0275.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/32483
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/32512
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/33142
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/33996
Source: af854a3a-2127-422b-91ae-364da2661108
http://securityreason.com/securityalert/4570
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1021131
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.avaya.com/elmodocs2/security/ASA-2009-065.htm
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.bitsec.com/en/rad/bsa-081103.c
Source: af854a3a-2127-422b-91ae-364da2661108
URL Repurposed
http://www.bitsec.com/en/rad/bsa-081103.txt
Source: af854a3a-2127-422b-91ae-364da2661108
URL Repurposed
http://www.debian.org/security/2008/dsa-1685
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2008/11/03/3
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2008/11/03/4
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2008/11/03/5
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/498002/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/32072
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/3042
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.washington.edu/alpine/tmailbug.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.redhat.com/show_bug.cgi?id=469667
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/46281
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10485
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html
Source: af854a3a-2127-422b-91ae-364da2661108

56 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
4.8%
89th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

university_of_washington

Related CVEs

CVE-2026-41044 N/A
CVE-2026-41043 N/A
CVE-2026-40466 N/A
CVE-2025-62233 N/A
CVE-2026-6272 N/A