November 25, 2009

Gentoo Linux Security Advisory 200911-03 (High): c-client (and 1

Multiple vulnerabilities were found in the UW IMAP toolkit:

  • Aron Andersson and Jan Sahlin of Bitsec reported boundary errors in the "tmail" and "dmail" utilities when processing overly long mailbox names, leading to stack-based buffer overflows (CVE-2008-5005).
  • An error in smtp.c in the c-client library was found, leading to a NULL pointer dereference vulnerability (CVE-2008-5006).
  • Ludwig Nussel reported an off-by-one error in the rfc822_output_char() function in the RFC822BUFFER routines in the c-client library, as used by the UW IMAP toolkit (CVE-2008-5514)...
Click Here!