Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2005:850
HistoryDec 06, 2005 - 4:20 p.m.

imap security update

2005-12-0616:20:14
CentOS Project
lists.centos.org
49

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.381 Low

EPSS

Percentile

97.2%

JSON

CentOS Errata and Security Advisory CESA-2005:850

The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access protocols.

A buffer overflow flaw was discovered in the way the c-client library
parses user supplied mailboxes. If an authenticated user requests a
specially crafted mailbox name, it may be possible to execute arbitrary
code on a server that uses the library. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-2933 to this issue.

All users of imap should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-December/074613.html
https://lists.centos.org/pipermail/centos-announce/2005-December/074614.html
https://lists.centos.org/pipermail/centos-announce/2005-December/074620.html
https://lists.centos.org/pipermail/centos-announce/2005-December/074626.html

Affected packages:
imap
imap-devel
imap-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2005:850

Related

securityvulns 2
redhat 4
openvas 6
nessus 14
ubuntucve 1
gentoo 1
freebsd 1
cve 1
debiancve 1
centos 4
debian 2
cert 1
securityvulns
securityvulns
MDKSA-2005:194 - Updated php-imap packages fix buffer overflow vulnerabilities.
2005-10-27 00:00:00
[Full-disclosure] iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability
2005-10-05 00:00:00
redhat
redhat
(RHSA-2005:848) libc-client security update
2005-12-06 00:00:00
(RHSA-2005:850) imap security update
2005-12-06 00:00:00
(RHSA-2006:0276) php security update
2006-04-25 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-861-1)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200510-10 (uw-imap)
2008-09-24 00:00:00
FreeBSD Ports: imap-uw
2008-09-04 00:00:00
nessus
nessus
GLSA-200510-10 : uw-imap: Remote buffer overflow
2005-10-19 00:00:00
UW-IMAP Mailbox Name Buffer Overflow
2005-10-06 00:00:00
RHEL 2.1 / 3 : imap (RHSA-2005:850)
2005-12-07 00:00:00
ubuntucve
ubuntucve
CVE-2005-2933
2005-10-13 00:00:00
gentoo
gentoo
uw-imap: Remote buffer overflow
2005-10-11 00:00:00
freebsd
freebsd
imap-uw -- mailbox name handling remote buffer vulnerability
2005-10-05 00:00:00
cve
cve
CVE-2005-2933
2005-10-13 22:02:00
debiancve
debiancve
CVE-2005-2933
2005-10-13 22:02:00
centos
centos
imap security update
2005-12-07 00:43:29
libc security update
2005-12-06 17:48:48
php security update
2006-04-25 15:25:25
debian
debian
[SECURITY] [DSA 861-1] New uw-imap packages fix arbitrary code execution
2005-10-11 06:26:12
[SECURITY] [DSA 861-1] New uw-imap packages fix arbitrary code execution
2005-10-11 06:26:12
cert
cert
UW-IMAP vulnerable to a buffer overflow
2005-10-17 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.381 Low

EPSS

Percentile

97.2%

JSON
Related for CESA-2005:850
securityvulns2redhat4openvas6nessus14ubuntucve1gentoo1freebsd1cve1debiancve1centos4debian2cert1