[Japanese]

JVNDB-2005-000199

Sylpheed Filename Buffer Overflow Vulnerability

Overview

Sylpheed contains a buffer overflow vulnerability exploitable via attachements with MIME-encoded filename.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.1 (Medium) [NVD Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


Sylpheed
  • Sylpheed 1.0.4 and earlier
Turbolinux, Inc.
  • Turbolinux 10_f
  • Turbolinux Desktop 10
  • Turbolinux Server 7
  • Turbolinux Server 8
  • Turbolinux Workstation 7
  • Turbolinux Workstation 8
  • Turbolinux Home

Impact

An attacker could execute arbitrary code with the privileges of the user running Sylpheed.
Solution

Please refer to the 'Vendor Information' and 'References' section for appropriate remediation.
Vendor Information

Sylpheed Turbolinux, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2005-0926
References

  1. National Vulnerability Database (NVD) : CVE-2005-0926
  2. SecurityFocus : 12934
Revision History

  • [2008/05/21]
      Web page published