JVNDB-2005-000163

Sylpheed Email Header Buffer Overflow Vulnerability with non-ASCII Characters

Overview

Sylpheed does not validate input data properly, which could lead to a buffer overflow when it receives a message with a header containing non-ASCII characters.

CVSS Severity

CVSS V2 Severity:
Base Metrics 5.1 (Medium) [NVD Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


Sylpheed
  • Sylpheed 1.0.3 and earlier
  • Sylpheed 1.9.5 and earlier
Turbolinux, Inc.
  • Turbolinux 10_f
  • Turbolinux Desktop 10
  • Turbolinux Server 7
  • Turbolinux Server 8
  • Turbolinux Workstation 7
  • Turbolinux Workstation 8
  • Turbolinux Home
Red Hat, Inc.
  • Red Hat Enterprise Linux 2.1 (as)
  • Red Hat Enterprise Linux 2.1 (es)
  • Red Hat Enterprise Linux 2.1 (ws)
  • Red Hat Linux Advanced Workstation 2.1

Impact

An attacker could execute arbitrary code with the privileges of the user running Sylpheed.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

  • Sylpheed
  • Turbolinux, Inc.
  • Red Hat, Inc.
CWE

CVE

  1. CVE-2005-0667
References

  1. National Vulnerability Database (NVD) : CVE-2005-0667
  2. Secunia Advisory : SA14491
  3. SecurityFocus : 12730
Revision History

  • [2008/05/21]
      Web page published