CVE-2005-2933

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2005-09-15 CVE Reserved
2005-10-13 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (46)

URL	Tag	Source
http://secunia.com/advisories/17148	Third Party Advisory
http://secunia.com/advisories/17152	Third Party Advisory
http://secunia.com/advisories/17215	Third Party Advisory
http://secunia.com/advisories/17276	Third Party Advisory
http://secunia.com/advisories/17336	Third Party Advisory
http://secunia.com/advisories/17483	Third Party Advisory
http://secunia.com/advisories/17928	Third Party Advisory
http://secunia.com/advisories/17930	Third Party Advisory
http://secunia.com/advisories/17950	Third Party Advisory
http://secunia.com/advisories/18554	Third Party Advisory
http://secunia.com/advisories/19832	Third Party Advisory
http://secunia.com/advisories/20210	Third Party Advisory
http://secunia.com/advisories/20222	Third Party Advisory
http://secunia.com/advisories/20951	Third Party Advisory
http://secunia.com/advisories/21252	Third Party Advisory
http://secunia.com/advisories/21564	Third Party Advisory
http://securityreason.com/securityalert/47	Third Party Advisory
http://securitytracker.com/id?1015000	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm	X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm	X_refsource_confirm
http://www.kb.cert.org/vuls/id/933601	Third Party Advisory
http://www.securityfocus.com/bid/15009	Vdb Entry
http://www.vupen.com/english/advisories/2006/2685	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/22518	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9858	Signature

URL	Date	SRC

URL	Date	SRC
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0081.html	2018-10-19
http://secunia.com/advisories/17062	2018-10-19
http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities&flashstatus=true	2018-10-19
http://www.washington.edu/imap	2018-10-19

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U	2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc	2018-10-19
http://rhn.redhat.com/errata/RHSA-2006-0276.html	2018-10-19
http://rhn.redhat.com/errata/RHSA-2006-0549.html	2018-10-19
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.500161	2018-10-19
http://www.debian.org/security/2005/dsa-861	2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200510-10.xml	2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2005:189	2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2005:194	2018-10-19
http://www.novell.com/linux/security/advisories/2005_23_sr.html	2018-10-19
http://www.redhat.com/support/errata/RHSA-2005-848.html	2018-10-19
http://www.redhat.com/support/errata/RHSA-2005-850.html	2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0501.html	2018-10-19
http://www.securityfocus.com/archive/1/430296/100/0/threaded	2018-10-19
http://www.securityfocus.com/archive/1/430303/100/0/threaded	2018-10-19
https://access.redhat.com/security/cve/CVE-2005-2933	2006-07-27
https://bugzilla.redhat.com/show_bug.cgi?id=1617767	2006-07-27

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
University Of Washington Search vendor "University Of Washington"		Uw-imap Search vendor "University Of Washington" for product "Uw-imap"				<= 2004f Search vendor "University Of Washington" for product "Uw-imap" and version " <= 2004f"		-		Affected
University Of Washington Search vendor "University Of Washington"		Uw-imap Search vendor "University Of Washington" for product "Uw-imap"				2004 Search vendor "University Of Washington" for product "Uw-imap" and version "2004"		-		Affected
University Of Washington Search vendor "University Of Washington"		Uw-imap Search vendor "University Of Washington" for product "Uw-imap"				2004a Search vendor "University Of Washington" for product "Uw-imap" and version "2004a"		-		Affected
University Of Washington Search vendor "University Of Washington"		Uw-imap Search vendor "University Of Washington" for product "Uw-imap"				2004b Search vendor "University Of Washington" for product "Uw-imap" and version "2004b"		-		Affected
University Of Washington Search vendor "University Of Washington"		Uw-imap Search vendor "University Of Washington" for product "Uw-imap"				2004c Search vendor "University Of Washington" for product "Uw-imap" and version "2004c"		-		Affected
University Of Washington Search vendor "University Of Washington"		Uw-imap Search vendor "University Of Washington" for product "Uw-imap"				2004d Search vendor "University Of Washington" for product "Uw-imap" and version "2004d"		-		Affected
University Of Washington Search vendor "University Of Washington"		Uw-imap Search vendor "University Of Washington" for product "Uw-imap"				2004e Search vendor "University Of Washington" for product "Uw-imap" and version "2004e"		-		Affected