cpe:/a:vergenet:perdition_mail_retrieval_proxy:1.17 CVE-2007-5740 2007-10-31T12:46:00.000-04:00 2017-07-28T21:33:50.177-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-11-01T07:41:00.000-04:00 ALLOWS_OTHER_ACCESS SECTRACK 1018883 FULLDISC 20071031 SEC Consult SA-20071031-0 :: Perdition IMAP Proxy Format String Vulnerability BUGTRAQ 20071031 SEC Consult SA-20071031-0 :: Perdition IMAP Proxy Format StringVulnerability BID 26270 SECUNIA 27458 SECUNIA 27520 VUPEN ADV-2007-3677 DEBIAN DSA-1398 MISC http://www.sec-consult.com/300.html CONFIRM http://www.vergenet.net/linux/perdition/ChangeLog.shtml XF perdition-imap-strvwrite-format-string(38184) The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.