CVE-2005-2933

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washingtons IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote () character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.

Affected Software

Name	Vendor	Start Version	End Version
Uw-imap	University_of_washington	*	2004f (including)
Uw-imap	University_of_washington	2004 (including)	2004 (including)
Uw-imap	University_of_washington	2004a (including)	2004a (including)
Uw-imap	University_of_washington	2004b (including)	2004b (including)
Uw-imap	University_of_washington	2004c (including)	2004c (including)
Uw-imap	University_of_washington	2004d (including)	2004d (including)
Uw-imap	University_of_washington	2004e (including)	2004e (including)
Red Hat Enterprise Linux 3	RedHat	imap-1:2002d-12	*
Red Hat Enterprise Linux 3	RedHat	php-0:4.3.2-30.ent	*
Red Hat Enterprise Linux 4	RedHat	libc-client-0:2002e-14	*
Red Hat Enterprise Linux 4	RedHat	php-0:4.3.9-3.12	*
Red Hat Enterprise Linux AS (Advanced Server) version 2.1	RedHat		*
Red Hat Enterprise Linux ES version 2.1	RedHat		*
Red Hat Enterprise Linux WS version 2.1	RedHat		*
Red Hat Linux Advanced Workstation 2.1	RedHat		*
Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)	RedHat		*
Uw-imap	Ubuntu	dapper	*
Uw-imap	Ubuntu	devel	*
Uw-imap	Ubuntu	edgy	*
Uw-imap	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2933
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References