RedHat-6.0 is not vulnerable because it ships with imap-4.5,
which has this hole fixed.
However, RedHat-5.2 and Redhat-4.2 ship with imap-4.4, which
has this REMOTE security hole. You probably want to ship an
errata upgrading to imap-4.5
imap-4.5-0.5.2 # <= for Red Hat 5.x
imap-4.5-0.4.2 # <= for Red Hat 4.x
Thanks for the report.
These should go out as errata and need to be tested.
Signed packages copied to ftp site.