10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.118 Low
EPSS
Percentile
95.3%
CentOS Errata and Security Advisory CESA-2009:0275
The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access protocols.
A buffer overflow flaw was discovered in the dmail and tmail mail delivery
utilities shipped with imap. If either of these utilities were used as a
mail delivery agent, a remote attacker could potentially use this flaw to
run arbitrary code as the targeted user by sending a specially-crafted mail
message to the victim. (CVE-2008-5005)
Users of imap should upgrade to these updated packages, which contain a
backported patch to resolve this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-February/077804.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077806.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077807.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077808.html
Affected packages:
imap
imap-devel
imap-utils
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0275
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | ia64 | imap | < 2002d-15 | imap-2002d-15.ia64.rpm |
CentOS | 3 | ia64 | imap-devel | < 2002d-15 | imap-devel-2002d-15.ia64.rpm |
CentOS | 3 | ia64 | imap-utils | < 2002d-15 | imap-utils-2002d-15.ia64.rpm |
CentOS | 3 | ia64 | imap | < 2002d-15 | imap-2002d-15.ia64.rpm |
CentOS | 3 | ia64 | imap-devel | < 2002d-15 | imap-devel-2002d-15.ia64.rpm |
CentOS | 3 | ia64 | imap-utils | < 2002d-15 | imap-utils-2002d-15.ia64.rpm |
CentOS | 3 | s390 | imap | < 2002d-15 | imap-2002d-15.s390.rpm |
CentOS | 3 | s390 | imap-devel | < 2002d-15 | imap-devel-2002d-15.s390.rpm |
CentOS | 3 | s390 | imap-utils | < 2002d-15 | imap-utils-2002d-15.s390.rpm |
CentOS | 3 | s390x | imap | < 2002d-15 | imap-2002d-15.s390x.rpm |