
UW IMAP

[ GLSA 200911-03 ] UW IMAP toolkit: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: UW IMAP toolkit: Multiple vulnerabilities
      Date: November 25, 2009
      Bugs: #245425, #252567
        ID: 200911-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[SECURITY] [DSA 1685-1] New uw-imap packages fix multiple vulnerabilities

Debian Security Advisory DSA-1685-1                  security@debian.org
http://www.debian.org/security/                           Steffen Joeris
December 12, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : uw-imap
Vulnerability  : buffer overflows, null pointer dereference
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-5005 CVE-2008-5006


[ MDVSA-2009:146 ] imap

 command with a close of the TCP connection instead of the expected
 221 response code (CVE-2008-5006).
 
 Off-by-one error in the rfc822_output_char function in the RFC822BUFFER
 routines in the University of Washington (UW) c-client library, as
 used by the UW IMAP toolkit before imap-2007e and other applications,
 allows context-dependent attackers to cause a denial of service (crash)
 via an e-mail message that triggers a buffer overflow (CVE-2008-5514).
 
 The updated packages have been patched to prevent this. Note that the
 software was renamed to c-client starting from Mandriva Linux 2009.0

[ MDVSA-2009:166 ] c-client

 command with a close of the TCP connection instead of the expected
 221 response code (CVE-2008-5006).
 
 Off-by-one error in the rfc822_output_char function in the RFC822BUFFER
 routines in the University of Washington (UW) c-client library, as
 used by the UW IMAP toolkit before imap-2007e and other applications,
 allows context-dependent attackers to cause a denial of service (crash)
 via an e-mail message that triggers a buffer overflow (CVE-2008-5514).
 
 The updated packages have been patched to prevent this. Note that the
 software was renamed to c-client starting from Mandriva Linux 2009.0

[ MDVSA-2009:146-1 ] imap

 command with a close of the TCP connection instead of the expected
 221 response code (CVE-2008-5006).
 
 Off-by-one error in the rfc822_output_char function in the RFC822BUFFER
 routines in the University of Washington (UW) c-client library, as
 used by the UW IMAP toolkit before imap-2007e and other applications,
 allows context-dependent attackers to cause a denial of service (crash)
 via an e-mail message that triggers a buffer overflow (CVE-2008-5514).
 
 The updated packages have been patched to prevent this. Note that the
 software was renamed to c-client starting from Mandriva Linux 2009.0



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
