c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| C-client | University_of_washington | * | * |
| Imap-2002b | University_of_washington | * | * |
| Pine | University_of_washington | 4.53 (including) | 4.53 (including) |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * |
References
- http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2
- http://www.redhat.com/support/errata/RHSA-2005-015.html
- http://www.redhat.com/support/errata/RHSA-2005-114.html
- http://www.securityfocus.com/archive/1/430302/100/0/threaded
- http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2
- http://www.redhat.com/support/errata/RHSA-2005-015.html
- http://www.redhat.com/support/errata/RHSA-2005-114.html
- http://www.securityfocus.com/archive/1/430302/100/0/threaded