Synopsis
========
Multiple vulnerabilities have been found in the UW IMAP toolkit and the
c-client library, the worst of which leads to the execution of
arbitrary code.

Background
==========
Mandriva Linux Security Advisory MDVSA-2009:166
http://www.mandriva.com/security/
_______________________________________________________________________
Package : c-client
Date : July 28, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
command line to the tmail or dmail program; and (b) remote attackers to
execute arbitrary code by sending e-mail to a destination mailbox name
composed of a username and '+' character followed by a long string,
processed by the tmail or possibly dmail program (CVE-2008-5005).

smtp.c in the c-client library in University of Washington IMAP Toolkit
2007b allows remote SMTP servers to cause a denial of service (NULL
pointer dereference and application crash) by responding to the QUIT
command with a close of the TCP connection instead of the expected
221 response code (CVE-2008-5006).
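
An added example, not code from the advisory or from c-client: a simplified model of the reply handling behind CVE-2008-5006, contrasting an unchecked parse with one that treats a closed connection as an ordinary result. The `fake_conn` type, the function names and the 421 sentinel are hypothetical, and the reply lines are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

#define REPLY_CONN_LOST 421   /* assumption: local sentinel for "peer closed" */
#define REPLY_MALFORMED (-1)

/* Constructed stand-in for the network read: yields the next reply line,
 * or NULL once the peer has closed the TCP connection. */
typedef struct { const char **lines; size_t n, pos; } fake_conn;

static const char *read_reply(fake_conn *c) {
    return c->pos < c->n ? c->lines[c->pos++] : NULL;
}

/* Unsafe pattern, shown for contrast and never called here: the line is
 * dereferenced unchecked, so a close instead of "221" crashes the client. */
long reply_code_unchecked(fake_conn *c) {
    return strtol(read_reply(c), NULL, 10);
}

/* Hardened: a closed connection and a malformed line both become ordinary
 * return values that the caller can handle. */
long reply_code_checked(fake_conn *c) {
    const char *l = read_reply(c);
    if (l == NULL) return REPLY_CONN_LOST;
    for (int i = 0; i < 3; i++)          /* stops at the terminator if short */
        if (!isdigit((unsigned char)l[i])) return REPLY_MALFORMED;
    if (l[3] != ' ' && l[3] != '-' && l[3] != '\r' && l[3] != '\0')
        return REPLY_MALFORMED;
    return (l[0] - '0') * 100 + (l[1] - '0') * 10 + (l[2] - '0');
}

/* Parse one reply; a NULL line models the server closing the connection. */
long code_for(const char *line) {
    fake_conn c = { &line, line ? 1 : 0, 0 };
    return reply_code_checked(&c);
}

/* QUIT outcome: 1 only for a well-formed 221, 0 for anything else. */
int quit_ok(const char *line) { return code_for(line) == 221; }

int main(void) {
    printf("221 reply: %d\n", quit_ok("221 2.0.0 Bye"));
    printf("closed:    %ld\n", code_for(NULL));
    return 0;
}
```
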
* Stefan Esser reported that a shortcoming in PHP's algorithm of
seeding the random number generator might allow for predictable
random numbers (CVE-2008-2107, CVE-2008-2108).
* The IMAP extension in PHP uses obsolete c-client API calls making
it vulnerable to buffer overflows as no bounds checking can be done
(CVE-2008-2829).
* Tavis Ormandy reported a heap-based buffer overflow in
pcre_compile.c in the PCRE version shipped by PHP when processing

Resolution
==========
All PHP users should upgrade to the latest version. As PHP is
statically linked against a vulnerable version of the c-client library
when the imap or kolab USE flag is enabled (GLSA 200911-03), users
should upgrade net-libs/c-client beforehand:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/c-client-2007e"