Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2005-0198

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Feb, 2005 | 05:00
Updated At-07 Aug, 2024 | 21:05
Rejected At-
Credits

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Feb, 2005 | 05:00
Updated At:07 Aug, 2024 | 21:05
Rejected At:
▼CVE Numbering Authority (CNA)

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306
vdb-entry
signature
x_refsource_OVAL
http://www.kb.cert.org/vuls/id/CRDY-68QSL5
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2005-128.html
vendor-advisory
x_refsource_REDHAT
http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml
vendor-advisory
x_refsource_GENTOO
http://www.mandriva.com/security/advisories?name=MDKSA-2005:026
vendor-advisory
x_refsource_MANDRAKE
http://secunia.com/advisories/14097
third-party-advisory
x_refsource_SECUNIA
http://securitytracker.com/id?1013037
vdb-entry
x_refsource_SECTRACK
http://www.kb.cert.org/vuls/id/702777
third-party-advisory
x_refsource_CERT-VN
http://secunia.com/advisories/14057
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/12391
vdb-entry
x_refsource_BID
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.kb.cert.org/vuls/id/CRDY-68QSL5
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-128.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:026
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://secunia.com/advisories/14097
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securitytracker.com/id?1013037
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.kb.cert.org/vuls/id/702777
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://secunia.com/advisories/14057
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/12391
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.kb.cert.org/vuls/id/CRDY-68QSL5
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-128.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2005:026
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://secunia.com/advisories/14097
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://securitytracker.com/id?1013037
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.kb.cert.org/vuls/id/702777
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://secunia.com/advisories/14057
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/12391
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/CRDY-68QSL5
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-128.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:026
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://secunia.com/advisories/14097
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securitytracker.com/id?1013037
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/702777
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://secunia.com/advisories/14057
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/12391
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:02 May, 2005 | 04:00
Updated At:03 Apr, 2025 | 01:03

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
university_of_washington
university_of_washington
>>uw-imap>>*
cpe:2.3:a:university_of_washington:uw-imap:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/14057cve@mitre.org
N/A
http://secunia.com/advisories/14097cve@mitre.org
N/A
http://securitytracker.com/id?1013037cve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-02.xmlcve@mitre.org
Patch
http://www.kb.cert.org/vuls/id/702777cve@mitre.org
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/CRDY-68QSL5cve@mitre.org
Patch
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:026cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2005-128.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.securityfocus.com/bid/12391cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306cve@mitre.org
N/A
http://secunia.com/advisories/14057af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/14097af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1013037af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-02.xmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://www.kb.cert.org/vuls/id/702777af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/CRDY-68QSL5af854a3a-2127-422b-91ae-364da2661108
Patch
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:026af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2005-128.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/bid/12391af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/14057
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/14097
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1013037
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.kb.cert.org/vuls/id/702777
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/CRDY-68QSL5
Source: cve@mitre.org
Resource:
Patch
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:026
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-128.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/12391
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/14057
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/14097
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1013037
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.kb.cert.org/vuls/id/702777
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/CRDY-68QSL5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:026
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-128.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/12391
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

10Records found
CVE-2005-2933
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-35.08% / 96.90%
||
7 Day CHG~0.00%
Published-13 Oct, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.

Action-Not Available
Vendor-university_of_washingtonn/a
Product-uw-imapn/a
CVE-2003-0297
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.91% / 74.88%
||
7 Day CHG~0.00%
Published-15 May, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.

Action-Not Available
Vendor-university_of_washingtonn/a
Product-c-clientpineimap-2002bn/a
CVE-2002-0379
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-29.90% / 96.48%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.

Action-Not Available
Vendor-university_of_washingtonn/a
Product-uw-imapn/a
CVE-2002-0014
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.25% / 78.47%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&).

Action-Not Available
Vendor-university_of_washingtonn/a
Product-pinen/a
CVE-2000-0847
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.43% / 79.88%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header.

Action-Not Available
Vendor-university_of_washingtonn/a
Product-pineimapn/a
CVE-1999-0997
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.82% / 87.67%
||
7 Day CHG~0.00%
Published-25 Apr, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

Action-Not Available
Vendor-millenux_gmbhuniversity_of_washingtonn/aRed Hat, Inc.
Product-linuxanonftpwu-ftpdn/a
CVE-1999-0202
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 71.91%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.

Action-Not Available
Vendor-university_of_washingtonn/a
Product-wu-ftpdn/a
CVE-2000-0284
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-79.86% / 99.06%
||
7 Day CHG~0.00%
Published-26 Apr, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.

Action-Not Available
Vendor-university_of_washingtonn/a
Product-imapn/a
CVE-2003-0720
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.29% / 95.14%
||
7 Day CHG~0.00%
Published-12 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.

Action-Not Available
Vendor-university_of_washingtonn/a
Product-pinen/a
CVE-2000-0909
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.04% / 93.16%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.

Action-Not Available
Vendor-university_of_washingtonn/a
Product-pinen/a
Details not found