Red Hat Bugzilla – Bug 97342
CAN-2003-0279 c-client imap client
Last modified: 2007-11-30 17:06:53 EST
CAN-2003-0297 found by bugtraq May 14
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows
remote malicious IMAP servers to cause a denial of service (crash) and
possibly execute arbitrary code via certain large (1) literal and (2)
mailbox size values that cause either integer signedness errors or
integer overflow errors.
Not yet investigated impact on Red Hat Linux (does this affect earlier versions
This affects RHEL2.1 and can allow a remote IMAP server the ability to
Created attachment 107825
Proposed patch based on code in imap-2002c
I've attached a patch, however there is similar code in
imap_parse_extension that isn't fixed that looks like it could do with
the same fix at first glance (if so then we need to fix imap-2002d as
in RHEL3 as well).
This issue should now be resolved in pine-4.44-20, currently in
QA testing. Setting bug to "MODIFIED" state.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
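
The bug class named in the CAN description above (a server-supplied literal size that overflows or turns negative), shown as an added example: this is not c-client code and not the attached patch. The function names, the `{n}` sample strings and the 64 MiB cap are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on one literal; the value is hypothetical, not from the page. */
#define MAX_LITERAL (64ULL * 1024 * 1024)

/* Weak pattern 1 (overflow): 32-bit size plus one byte for the NUL terminator.
 * Returns the allocation size that would be requested. */
uint32_t weak_alloc_size(const char *lit)
{
    uint32_t n = (uint32_t)strtoul(lit + 1, NULL, 10);
    return n + 1;                      /* "{4294967295}" wraps to 0 */
}

/* Weak pattern 2 (signedness): same value kept in a signed 32-bit length. */
int32_t weak_signed_len(const char *lit)
{
    return (int32_t)(uint32_t)strtoul(lit + 1, NULL, 10);  /* may go negative */
}

/* Hardened: strict "{digits}" syntax, range check before any arithmetic.
 * Returns 0 and stores the size on success, -1 if the literal is rejected. */
int parse_literal_size(const char *lit, size_t *out)
{
    char *end;
    unsigned long long v;

    if (lit[0] != '{' || lit[1] < '0' || lit[1] > '9')
        return -1;                     /* strtoull would accept "-1" or " 5" */
    errno = 0;
    v = strtoull(lit + 1, &end, 10);
    if (errno == ERANGE || *end != '}' || v > MAX_LITERAL)
        return -1;
    *out = (size_t)v;                  /* v + 1 cannot wrap below the cap */
    return 0;
}

int main(void)
{
    const char *samples[] = { "{310}", "{2147483648}", "{4294967295}" }; /* constructed */
    for (size_t i = 0; i < 3; i++) {
        size_t n = 0;
        printf("%-14s weak alloc=%u signed=%d hardened=%s\n", samples[i],
               (unsigned)weak_alloc_size(samples[i]), (int)weak_signed_len(samples[i]),
               parse_literal_size(samples[i], &n) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The same range check applies to any other server-supplied size field before it is used in arithmetic or passed to an allocator.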