← back
CVE-2007-5466

CVE-2007-5466

EPSS 19.9%
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
Affected products
n/a · n/a
public PoCs found3
cve_referencewww.exploit-db.com/exploits/4535unverifiedcve_referencewww.exploit-db.com/exploits/4533unverifiedcve_referencewww.exploit-db.com/exploits/4534unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/27220https://exchange.xforce.ibmcloud.com/vulnerabilities/37209https://www.exploit-db.com/exploits/4533https://www.exploit-db.com/exploits/4534https://www.exploit-db.com/exploits/4535http://www.digit-labs.org/files/exploits/extremail-v4.chttp://www.digit-labs.org/files/exploits/extremail-v5.chttp://www.digit-labs.org/files/exploits/extremail-v6.chttp://www.digit-labs.org/files/exploits/extremail-v8.plhttp://www.securityfocus.com/archive/1/482293http://www.securityfocus.com/bid/26074