CVE-2007-5007

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2007-5007
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2007-12-12 22:10:00 UTC
Updated2011-03-08 02:59:00 UTC
DescriptionStack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Gnome Balsa 1.1.7 All All All
Application Gnome Balsa 1.2.4 All All All
Application Gnome Balsa 1.4 All All All
Application Gnome Balsa 1.4.3 All All All
Application Gnome Balsa 2.0.10 All All All
Application Gnome Balsa 2.0.16 All All All
Application Gnome Balsa 2.0.17 All All All
Application Gnome Balsa 2.0.18 All All All
Application Gnome Balsa 2.0.6 All All All
Application Gnome Balsa 2.1 All All All
Application Gnome Balsa 2.1.1 All All All
Application Gnome Balsa 2.1.2 All All All
Application Gnome Balsa 2.1.3 All All All
Application Gnome Balsa 2.1.90 All All All
Application Gnome Balsa 2.1.91 All All All
Application Gnome Balsa 2.2 All All All
Application Gnome Balsa 2.2.1 All All All
Application Gnome Balsa 2.2.2 All All All
Application Gnome Balsa 2.2.3 All All All
Application Gnome Balsa 2.2.4 All All All
Application Gnome Balsa 2.2.5 All All All
Application Gnome Balsa 2.2.6 All All All
Application Gnome Balsa 2.3 All All All
Application Gnome Balsa 2.3.1 All All All
Application Gnome Balsa 2.3.10 All All All
Application Gnome Balsa 2.3.11 All All All
Application Gnome Balsa 2.3.12 All All All
Application Gnome Balsa 2.3.13 All All All
Application Gnome Balsa 2.3.14 All All All
Application Gnome Balsa 2.3.15 All All All
Application Gnome Balsa 2.3.16 All All All
Application Gnome Balsa 2.3.17 All All All
Application Gnome Balsa 2.3.19 All All All
Application Gnome Balsa 2.3.2 All All All
Application Gnome Balsa 2.3.3 All All All
Application Gnome Balsa 2.3.4 All All All
Application Gnome Balsa 2.3.5 All All All
Application Gnome Balsa 2.3.6 All All All
Application Gnome Balsa 2.3.7 All All All
Application Gnome Balsa 2.3.8 All All All
Application Gnome Balsa 1.1.7 All All All
Application Gnome Balsa 1.2.4 All All All
Application Gnome Balsa 1.4 All All All
Application Gnome Balsa 1.4.3 All All All
Application Gnome Balsa 2.0.10 All All All
Application Gnome Balsa 2.0.16 All All All
Application Gnome Balsa 2.0.17 All All All
Application Gnome Balsa 2.0.18 All All All
Application Gnome Balsa 2.0.6 All All All
Application Gnome Balsa 2.1 All All All
Application Gnome Balsa 2.1.1 All All All
Application Gnome Balsa 2.1.2 All All All
Application Gnome Balsa 2.1.3 All All All
Application Gnome Balsa 2.1.90 All All All
Application Gnome Balsa 2.1.91 All All All
Application Gnome Balsa 2.2 All All All
Application Gnome Balsa 2.2.1 All All All
Application Gnome Balsa 2.2.2 All All All
Application Gnome Balsa 2.2.3 All All All
Application Gnome Balsa 2.2.4 All All All
Application Gnome Balsa 2.2.5 All All All
Application Gnome Balsa 2.2.6 All All All
Application Gnome Balsa 2.3 All All All
Application Gnome Balsa 2.3.1 All All All
Application Gnome Balsa 2.3.10 All All All
Application Gnome Balsa 2.3.11 All All All
Application Gnome Balsa 2.3.12 All All All
Application Gnome Balsa 2.3.13 All All All
Application Gnome Balsa 2.3.14 All All All
Application Gnome Balsa 2.3.15 All All All
Application Gnome Balsa 2.3.16 All All All
Application Gnome Balsa 2.3.17 All All All
Application Gnome Balsa 2.3.19 All All All
Application Gnome Balsa 2.3.2 All All All
Application Gnome Balsa 2.3.3 All All All
Application Gnome Balsa 2.3.4 All All All
Application Gnome Balsa 2.3.5 All All All
Application Gnome Balsa 2.3.6 All All All
Application Gnome Balsa 2.3.7 All All All
Application Gnome Balsa 2.3.8 All All All

References

ReferenceSourceLinkTags
Gentoo Linux Documentation -- Balsa: Buffer overflow GENTOO www.gentoo.org
Webmail - OVH VUPEN www.vupen.com
40585 OSVDB osvdb.org
Gentoo update for balsa - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
SUSE Update for Multiple Packages - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Security Announcement SUSE www.novell.com
Gentoo Bug 193179 - mail-client/balsa < 2.3.20 ir_fetch_seq() Stack-based buffer overflow (CVE-2007-5007) CONFIRM bugs.gentoo.org Exploit
297581 – (CVE-2007-5007) CVE-2007-5007 balsa: IMAP server triggerred stack overflow CONFIRM bugzilla.redhat.com
Balsa "ir_fetch_seq()" Buffer Overflow Vulnerability - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
ANNOUNCE: balsa-2.3.20 released MLIST mail.gnome.org Patch
Bug 474366 – buffer overflow in ir_fetch_seq() CONFIRM bugzilla.gnome.org
Balsa Fetch Command Remote Stack Buffer Overflow Vulnerability BID www.securityfocus.com Patch
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

OrganizationPublishedContributorStatement
Red Hat2008-01-09Mark J CoxNot vulnerable. This issue did not affect version of balsa as shipped with Red Hat Enterprise Linux 2.1.
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report