CVE-2008-4907

Dovecot 1.1.4 and 1.1.5 - Denial of Service via Malformed From Address in IMAP FETCH ENVELOPE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4907. PoCs published by anonymous.

AI-analyzed exploit summary: This is a writeup describing a remote denial-of-service vulnerability in Dovecot 1.1.4 and 1.1.5. The issue is triggered by a malformed 'From:' header in an email, causing a crash when the IMAP client uses the FETCH ENVELOPE command.

Description

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."

Exploits (1)

exploitdb WRITEUP VERIFIED
by anonymous · text · dos · linux
https://www.exploit-db.com/exploits/32551


Classification: Writeup 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Dovecot 1.1.4, 1.1.5
No auth needed
Prerequisites: IMAP client using FETCH ENVELOPE command · Ability to send crafted email to target
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Various Sources mailing-list x_refsource_mlist
http://www.dovecot.org/list/dovecot-news/2008-October/000089.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33149
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46227
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-666-1
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31997
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200812-16.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32677
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32479

Scores

EPSS 0.1429
EPSS Percentile 94.5%

Details

CWE: CWE-20
Status published
Products (2)
dovecot/dovecot 1.1.4
dovecot/dovecot 1.1.5
Published Nov 04, 2008
Tracked Since Feb 18, 2026