Title : Balsa "ir_fetch_seq()" Response Processing Remote Buffer Overflow Issue
VUPEN ID : VUPEN/ADV-2007-3263
CVE ID : CVE-2007-5007
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-25
Technical Description
A vulnerability has been identified in Balsa, which could be exploited by remote attackers to cause a denial of service or execute arbitrary code. This issue is caused by a buffer overflow error in the "ir_fetch_seq()" [libbalsa/imap/imap-handle.c] function when processing an overly long response to a "FETCH" command. Attackers could exploit it to compromise a vulnerable system by tricking a user into connecting to a malicious IMAP server.
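The advisory does not show the affected code. As an added illustration (not Balsa's source and not its fix), the sketch below shows the defensive pattern for this class of bug: every token taken from an IMAP server's FETCH response is copied with an explicit bound and rejected, not truncated, when it is too long. The names `copy_token`, `parse_fetch_seq` and `SEQ_BUF`, and the choice of the untagged `* <seq> FETCH` line as the parsed field, are assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define SEQ_BUF 11 /* 10 decimal digits (32-bit maximum) plus NUL */

/* Copy one token from a server response line into out, stopping at a
 * space or CR. Returns its length, or -1 if it does not fit in out_sz,
 * is empty, or the line ends first. Without the out_sz check the
 * server, not the client, decides how many bytes are written. */
static int copy_token(const char *line, size_t len, size_t *pos,
                      char *out, size_t out_sz)
{
    size_t i = 0;
    while (*pos < len && line[*pos] != ' ' && line[*pos] != '\r') {
        if (i + 1 >= out_sz)
            return -1; /* overlong token: reject, never truncate */
        out[i++] = line[(*pos)++];
    }
    if (*pos >= len || i == 0)
        return -1;
    out[i] = '\0';
    return (int)i;
}

/* Parse "* <seq> FETCH ..." and return <seq>, or 0 for malformed or
 * oversized input (IMAP message sequence numbers start at 1). */
unsigned long parse_fetch_seq(const char *line, size_t len)
{
    char seq[SEQ_BUF], word[8];
    unsigned long long n = 0;
    size_t pos = 2;
    if (len < 2 || line[0] != '*' || line[1] != ' ')
        return 0;
    if (copy_token(line, len, &pos, seq, sizeof seq) < 0)
        return 0;
    for (const char *p = seq; *p; p++) {
        if (!isdigit((unsigned char)*p))
            return 0;
        n = n * 10 + (unsigned long long)(*p - '0');
    }
    if (n > 0xFFFFFFFFULL || line[pos] != ' ')
        return 0;
    pos++;
    if (copy_token(line, len, &pos, word, sizeof word) < 0
        || strcmp(word, "FETCH") != 0)
        return 0;
    return (unsigned long)n;
}
```

Treating an oversized token as a protocol error and dropping the connection is the safer client behaviour, since the peer is untrusted by definition.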