7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.381 Low
EPSS
Percentile
96.9%
The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access protocols.
A buffer overflow flaw was discovered in the way the c-client library
parses user supplied mailboxes. If an authenticated user requests a
specially crafted mailbox name, it may be possible to execute arbitrary
code on a server that uses the library. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-2933 to this issue.
All users of imap should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | imap | < 2002d-12 | imap-2002d-12.i386.rpm |
RedHat | any | i386 | imap-devel | < 2001a-19 | imap-devel-2001a-19.i386.rpm |
RedHat | any | x86_64 | imap | < 2002d-12 | imap-2002d-12.x86_64.rpm |
RedHat | any | s390 | imap-utils | < 2002d-12 | imap-utils-2002d-12.s390.rpm |
RedHat | any | ppc | imap-devel | < 2002d-12 | imap-devel-2002d-12.ppc.rpm |
RedHat | any | i386 | imap | < 2001a-19 | imap-2001a-19.i386.rpm |
RedHat | any | s390 | imap | < 2002d-12 | imap-2002d-12.s390.rpm |
RedHat | any | ia64 | imap-utils | < 2002d-12 | imap-utils-2002d-12.ia64.rpm |
RedHat | any | i386 | imap-utils | < 2002d-12 | imap-utils-2002d-12.i386.rpm |
RedHat | any | ppc | imap-utils | < 2002d-12 | imap-utils-2002d-12.ppc.rpm |