7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
77.2%
The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access
protocols.
A buffer overflow flaw was found in the c-client IMAP client. An attacker
could create a malicious IMAP server that if connected to by a victim could
execute arbitrary code on the client machine. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0297
to this issue.
Users of imap are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | imap-devel | < 2001a-11.0as | imap-devel-2001a-11.0as.ia64.rpm |
RedHat | any | ia64 | imap | < 2001a-11.0as | imap-2001a-11.0as.ia64.rpm |
RedHat | any | i386 | imap-devel | < 2001a-11.0as | imap-devel-2001a-11.0as.i386.rpm |
RedHat | any | i386 | imap | < 2001a-11.0as | imap-2001a-11.0as.i386.rpm |