CVE-2005-2878
mailutils - Format string vulnerability
EPSS 57.1%
Description
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
How to fix CVE-2005-2878
To remediate CVE-2005-2878, upgrade the affected package to one of the fixed versions listed below.
- Debian/mailutils—upgrade to 1:0.6.90-3 or later
- Debian/mailutils—upgrade to 1:0.6.1-4sarge1 or later
- Debian/mailutils—upgrade to 1:0.6.90-2.1etch1 or later
Is CVE-2005-2878 being exploited?
Likely — EPSS is 57.1%, placing CVE-2005-2878 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (3)
- Debian/mailutils: from 0, < 1:0.6.90-3
- Debian/mailutils: from 0, < 1:0.6.1-4sarge1
- Debian/mailutils: from 0, < 1:0.6.90-2.1etch1