fkie_cve-2007-5007
Vulnerability from fkie_nvd
Published: 2007-12-12 22:10
Modified: 2025-04-09 00:30
Severity: 6.8 (MEDIUM), CVSS v2.0 AV:N/AC:M/Au:N/C:P/I:P/A:P
Summary
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
References
cve@mitre.org: http://bugs.gentoo.org/show_bug.cgi?id=193179 [Exploit]
cve@mitre.org: http://bugzilla.gnome.org/show_bug.cgi?id=474366
cve@mitre.org: http://mail.gnome.org/archives/balsa-list/2007-September/msg00010.html [Patch]
cve@mitre.org: http://osvdb.org/40585
cve@mitre.org: http://secunia.com/advisories/26947 [Vendor Advisory]
cve@mitre.org: http://secunia.com/advisories/26987 [Vendor Advisory]
cve@mitre.org: http://secunia.com/advisories/27272 [Vendor Advisory]
cve@mitre.org: http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml
cve@mitre.org: http://www.novell.com/linux/security/advisories/2007_19_sr.html
cve@mitre.org: http://www.securityfocus.com/bid/25777 [Patch]
cve@mitre.org: http://www.vupen.com/english/advisories/2007/3263
cve@mitre.org: https://bugzilla.redhat.com/show_bug.cgi?id=297581
af854a3a-2127-422b-91ae-364da2661108: http://bugs.gentoo.org/show_bug.cgi?id=193179 [Exploit]
af854a3a-2127-422b-91ae-364da2661108: http://bugzilla.gnome.org/show_bug.cgi?id=474366
af854a3a-2127-422b-91ae-364da2661108: http://mail.gnome.org/archives/balsa-list/2007-September/msg00010.html [Patch]
af854a3a-2127-422b-91ae-364da2661108: http://osvdb.org/40585
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/26947 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/26987 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/27272 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml
af854a3a-2127-422b-91ae-364da2661108: http://www.novell.com/linux/security/advisories/2007_19_sr.html
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/25777 [Patch]
af854a3a-2127-422b-91ae-364da2661108: http://www.vupen.com/english/advisories/2007/3263
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.redhat.com/show_bug.cgi?id=297581
Impacted products
Vendor Product Version
gnome balsa 1.1.7
gnome balsa 1.2.4
gnome balsa 1.4
gnome balsa 1.4.3
gnome balsa 2.0.6
gnome balsa 2.0.10
gnome balsa 2.0.16
gnome balsa 2.0.17
gnome balsa 2.0.18
gnome balsa 2.1
gnome balsa 2.1.1
gnome balsa 2.1.2
gnome balsa 2.1.3
gnome balsa 2.1.90
gnome balsa 2.1.91
gnome balsa 2.2
gnome balsa 2.2.1
gnome balsa 2.2.2
gnome balsa 2.2.3
gnome balsa 2.2.4
gnome balsa 2.2.5
gnome balsa 2.2.6
gnome balsa 2.3
gnome balsa 2.3.1
gnome balsa 2.3.2
gnome balsa 2.3.3
gnome balsa 2.3.4
gnome balsa 2.3.5
gnome balsa 2.3.6
gnome balsa 2.3.7
gnome balsa 2.3.8
gnome balsa 2.3.10
gnome balsa 2.3.11
gnome balsa 2.3.12
gnome balsa 2.3.13
gnome balsa 2.3.14
gnome balsa 2.3.15
gnome balsa 2.3.16
gnome balsa 2.3.17
gnome balsa 2.3.19



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:balsa:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "950C09DA-EAEA-4DE7-8A5E-ED9E82C653F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1BCE579-53AC-4B05-9E33-ACDA345D5B6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C0E134F-93E3-4754-98A5-E6917853C99B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D0FCECC-E287-486D-A8C1-CA952F4FBC67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EAE6454-3B98-4AC8-8C03-4943F168AEF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C14FE8-1596-4C1C-924D-D296EDB8FB9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7225E52A-13A9-4283-8B00-D22C47358871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7927268-514A-45C8-9A03-CF33426B2875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC7FF7A-856E-42BC-9129-A1B28F508EAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "871512E9-340D-4BC3-A2C0-5D160E6F4004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "596A3E04-CB96-4DFE-AE7C-B506DD3C54D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "209D1628-7C99-4722-8038-B835BDE57B5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8E8B391-160B-49E0-8505-AA0E625A792C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB30197C-3991-469D-83E9-9EBE17BFA59F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.1.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BCD53C-61D5-49E2-8854-F8F8021DAA85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6D9C1F-A67A-4E1F-B6BE-9F98F9998DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B88D420-12D1-4196-9B6C-3A6BD4F4371C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FDDFC9F-A654-4644-9E8C-6F5902BFC51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAFC41E5-6000-44B8-A7AC-426185E8FAB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D0233D-CCFC-47C0-B4D6-5F5F91A6260A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA69D3A-E357-4B2A-9E9C-2CADA91E45A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9506DE3C-AD8D-4128-AA5A-1B72465B73AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1A9132B-91DC-404D-A3CA-69457DB75A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "943CFC36-8856-4D8B-A7E5-DF1458769EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46DE94C8-F5D4-4D8C-AF9C-0290F24575AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B6C96C8-34EE-4C10-BB16-A093CB626FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C116A3-1F8B-4F6B-8056-0685C9DAF9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1134D391-A0CF-41AD-B871-423F1929BA58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F69A80-C311-4840-AF70-ABDDB2D006EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "79156072-C833-4C7A-A07A-71DDC5BDCB4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA4632D-4729-42A3-8778-C02F50D95C27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F968DAE-A85A-483E-918F-45DA7CD5C0E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6730AE89-6168-47FA-8C3C-8A54A8CF0790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "61899224-39E2-485A-BD02-D0F596D0C3B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A3C98B1-04E7-4FB9-BBCA-A0CAC5C85453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "850D4CD2-1F1F-43B7-8DD0-00985F059637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A426AAD-E53A-4BCF-ADA2-A25215F36EA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A81A463-B9DF-4626-BA1F-0386D77A3BC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDDA6B44-CB69-47FA-AC29-1A5D7BA14080",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:balsa:2.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "401E38DB-D54C-49B0-93B6-2DDE6FA93F6E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n ir_fetch_seq de balsa anterior a 2.3.20 pod\u00eda permitir a servidores IMAP remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una respuesta larga para un comando FETCH."
    }
  ],
  "id": "CVE-2007-5007",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-12-12T22:10:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=193179"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.gnome.org/show_bug.cgi?id=474366"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://mail.gnome.org/archives/balsa-list/2007-September/msg00010.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/40585"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26947"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26987"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27272"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_19_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/25777"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3263"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=297581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=193179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.gnome.org/show_bug.cgi?id=474366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://mail.gnome.org/archives/balsa-list/2007-September/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/40585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_19_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/25777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=297581"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect version of balsa as shipped with Red Hat Enterprise Linux 2.1.",
      "lastModified": "2008-01-09T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

