Bug 184073

Summary: CVE-2005-2933 imap buffer overflow
Product: [Retired] Fedora Legacy
Reporter: Pavel Kankovsky <peak>
Component: imap
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED DUPLICATE
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
URL: https://rhn.redhat.com/errata/RHSA-2005-850.html
Doc Type: Bug Fix
Last Closed: 2006-03-05 22:38:05 UTC

Description Pavel Kankovsky 2006-03-05 22:08:07 UTC
Remote exploitation of a buffer overflow vulnerability in the University
of Washington's IMAP Server (UW-IMAP) allows attackers to execute
arbitrary code. (quote from iDefense advisory, see
http://www.idefense.com/intelligence/vulnerabilities/display.php?type=vulnerabilities&id=313)

All versions of imap < imap-2004g are affected. This includes RHL 7.3, RHL 9,
and probably most FC versions.

RH used the following patch to fix the issue in RHEL 2.1:
--snip--
Fix for CAN-2005-2933, from iDefense's advisory.

diff -uNr imap-2001a/src/c-client/mail.c imap-2004g/src/c-client/mail.c
--- imap-2001a/src/c-client/mail.c	2001-11-13 14:29:07.000000000 -0500
+++ imap-2004g/src/c-client/mail.c	2005-09-15 12:57:07.000000000 -0400
@@ -587,8 +587,10 @@
       if (c == '=') {		/* parse switches which take arguments */
 	if (*t == '"') {	/* quoted string? */
 	  for (v = arg,i = 0,++t; (c = *t++) != '"';) {
+	    if (!c) return NIL;	/* unterminated string */
 				/* quote next character */
 	    if (c == '\\') c = *t++;
+	    if (!c) return NIL;	/* can't quote NUL either */
 	    arg[i++] = c;
 	  }
 	  c = *t++;		/* remember delimiter for later */
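Review bot: the two added `if (!c) return NIL;` checks stop the copy loop at the end of the input, but `arg[i++] = c;` still has no bound on `i` against the size of `arg`, so the fix relies on the caller guaranteeing that a quoted value fits the destination. If `arg` is a fixed-size local, an explicit length check before the store (for example `if (i >= sizeof (arg) - 1) return NIL;`) would make the loop safe on its own; otherwise a comment stating that invariant at the top of the loop would help the next reader.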
--snip--
More or less the same patch is applicable to other versions as well.
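
A bounded version of the quoted-argument loop patched above, as an added example that is not part of this bug report or of UW-IMAP. It assumes a hypothetical buffer size `ARGLEN` and function names, keeps the patch's two NUL checks, and adds the explicit destination-length check the hunk itself leaves to the caller.

```c
/* Added example, not UW-IMAP's own code: a bounded re-implementation of the
 * quoted-argument loop patched above; keeps the patch's two NUL checks and adds
 * the explicit length check the hunk leaves to the caller. Names hypothetical. */
#include <stdio.h>
#include <string.h>
#define ARGLEN 16  /* deliberately small so the bound is easy to exercise */

/* Parse a double-quoted value starting at s (s[0] must be '"'), copying the
 * unescaped contents into arg (capacity ARGLEN, NUL-terminated on success).
 * Returns the number of input bytes consumed, including both quotes, or 0 on
 * failure: no opening quote, unterminated string, backslash followed by NUL,
 * or a value that would not fit in arg. Never reads past the NUL. */
size_t parse_quoted_arg(const char *s, char arg[ARGLEN])
{
  const char *t = s;
  size_t i = 0;
  char c;
  if (*t++ != '"') return 0;        /* not a quoted string */
  while ((c = *t++) != '"') {
    if (!c) return 0;               /* unterminated string (patch check 1) */
    if (c == '\\') c = *t++;        /* quote next character */
    if (!c) return 0;               /* can't quote NUL either (patch check 2) */
    if (i + 1 >= ARGLEN) return 0;  /* explicit bound: leave room for NUL */
    arg[i++] = c;
  }
  arg[i] = '\0';
  return (size_t)(t - s);
}

/* Test helper: parse s and report whether it consumed want_len bytes and,
 * when want is non-NULL, produced exactly that value. */
int quoted_arg_matches(const char *s, size_t want_len, const char *want)
{
  char arg[ARGLEN];
  size_t n = parse_quoted_arg(s, arg);
  if (n != want_len) return 0;
  return want ? strcmp(arg, want) == 0 : 1;
}

int main(void)
{ /* constructed inputs: well-formed, unterminated, backslash before NUL */
  const char *inputs[] = { "\"abc\" rest", "\"abc", "\"abc\\" };
  for (size_t k = 0; k < 3; k++) {
    char arg[ARGLEN];
    size_t n = parse_quoted_arg(inputs[k], arg);
    printf("%-12s -> %s (%zu bytes)\n", inputs[k], n ? arg : "rejected", n);
  }
  return 0;
}
```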

Comment 1 Pavel Kankovsky 2006-03-05 22:38:05 UTC
Grrr...

*** This bug has been marked as a duplicate of 170411 ***