See http://www.securityfocus.com/vdb/bottom.html?vid=1110 From the discussion there: A buffer overflow exists in imapd4r1 version 12.264. The vulnerability exists in the list command. By supplying a long, well crafted buffer as the second argument to the list command, it becomes possible to execute code on the machine. Executing the list command requires an account on the machine. In addition, privileges have been dropped in imapd prior to the location of the buffer overrun. As such, this vulnerability would only be useful in a scenario where a user has an account, but no shell level access. This would allow them to gain shell access. This version of imapd is the one shipped with RedHat Linux 6.2.
assigned to the new owner
Reassigning to myself.
This bug I believe was fixed ages ago but the report not updated and was misassigned to nalin. The latest errata should fix this problem for all releases, but I will await confirmation before closing the report.
Also see RHSA-2002:092