Bug 97342 - (CAN-2003-0279) CAN-2003-0279 c-client imap client
CAN-2003-0279 c-client imap client
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: pine (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: Mike A. Harris
Ben Levenson
: Security
Depends On:
Blocks: 132992
  Show dependency treegraph
Reported: 2003-06-13 09:04 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:06 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-01-12 13:40:03 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Proposed patch based on code in imap-2002c (808 bytes, patch)
2004-12-03 05:53 EST, Mark J. Cox (Product Security)
no flags Details | Diff

  None (edit)
Description Mark J. Cox (Product Security) 2003-06-13 09:04:36 EDT
CAN-2003-0297 found by bugtraq May14

c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows
remote malicious IMAP servers to cause a denial of service (crash) and
possibly execute arbitrary code via certain large (1) literal and (2)
mailbox size values that cause either integer signedness errors or
integer overflow errors.


Not yet investigated impact on Red Hat Linux (does this affect earlier versions
of Pine?).
Comment 1 Mark J. Cox (Product Security) 2004-12-03 05:52:41 EST
This affects RHEL2.1 and can allow a remote IMAP server the ability to
crash Pine.
Comment 2 Mark J. Cox (Product Security) 2004-12-03 05:53:34 EST
Created attachment 107825 [details]
Proposed patch based on code in imap-2002c
Comment 3 Mark J. Cox (Product Security) 2004-12-03 05:54:36 EST
I've attached a patch, however there is similar code in
imap_parse_extension that isn't fixed that looks like it could do with
the same fix at first glance (if so then we need to fix imap-2002d as
in RHEL3 as well).
Comment 4 Mark J. Cox (Product Security) 2004-12-14 07:29:17 EST
For U7
Comment 6 Mike A. Harris 2004-12-21 06:57:11 EST
This issue should now be resolved in pine-4.44-20, currently in
QA testing.  Setting bug to "MODIFIED" state.
Comment 7 Josh Bressers 2005-01-12 13:40:04 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.