CVE Catalog

CVE-1999-1224

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

25th percentile — higher than 25% of all known CVEs

Summary

IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, leading to a core dump that may contain sensitive password information.

Risk Assessment

Local users can exploit this vulnerability to crash the server, potentially leading to service unavailability and exposure of sensitive data.

Recommendation

It is recommended to update to the latest version of the IMAP software that addresses signal handling issues and to monitor logs for unauthorized access attempts.

Original NVD description (English source)

IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS