[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2009:146-1 -- Mandriva imap

ID: oval:org.secpod.oval:def:301198Date: (C)2012-01-07   (M)2017-10-04
Class: PATCHFamily: unix




Security vulnerabilities has been identified and fixed in University of Washington IMAP Toolkit: Multiple stack-based buffer overflows in University of Washington IMAP Toolkit 2002 through 2007c, University of Washington Alpine 2.00 and earlier, and Panda IMAP allow local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and "+" character followed by a long string, processed by the tmail or possibly dmail program . smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code . Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service via an e-mail message that triggers a buffer overflow . The updated packages have been patched to prevent this. Note that the software was renamed to c-client starting from Mandriva Linux 2009.0 and only provides the shared c-client library for the imap functions in PHP. Update: Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Platform:
Mandriva Linux 2008.0
Product:
imap
Reference:
MDVSA-2009:146-1
CVE-2008-5514
CVE-2008-5006
CVE-2008-5005
CVE    3
CVE-2008-5514
CVE-2008-5005
CVE-2008-5006
CPE    1
cpe:/o:mandriva:linux:2008.0

© 2013 SecPod Technologies