CAN-2003-0297 found by bugtraq May14: c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors. http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2 Not yet investigated impact on Red Hat Linux (does this affect earlier versions of Pine?).
This affects RHEL2.1 and can allow a remote IMAP server the ability to crash Pine.
Created attachment 107825: Proposed patch based on code in imap-2002c
I've attached a patch, however there is similar code in imap_parse_extension that isn't fixed that looks like it could do with the same fix at first glance (if so then we need to fix imap-2002d as in RHEL3 as well).
For U7
This issue should now be resolved in pine-4.44-20, currently in QA testing. Setting bug to "MODIFIED" state.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-015.html
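The bug class named in the CVE description above (a server-supplied literal size hitting a signedness or overflow error), shown as an added example that is not c-client, Pine or attachment 107825 code. The function names, the 32-bit size field and the `MAX_LITERAL` cap are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-literal cap; a real client would choose its own limit. */
#define MAX_LITERAL (64UL * 1024 * 1024)

/* Fragile pattern: the server's count is stored in a signed 32-bit field.
 * "4294967295" becomes -1, so a later "size + 1" allocation asks for 0 bytes
 * while the copy loop still trusts the original count. */
int32_t fragile_literal_size(const char *digits)
{
    return (int32_t)(uint32_t)strtoul(digits, NULL, 10);
}

/* Checked pattern: parse "{N}" into *out and return 0, or return -1 for a
 * malformed, overflowing or over-cap count. */
int parse_literal_size(const char *s, size_t *out)
{
    char *end;
    unsigned long v;

    if (s[0] != '{' || !isdigit((unsigned char)s[1]))
        return -1;          /* rejects "{}", "{-1}", "{+5}", "{ 5}" */
    errno = 0;
    v = strtoul(s + 1, &end, 10);
    if (errno == ERANGE || *end != '}')
        return -1;          /* overflowed unsigned long, or trailing junk */
    if (v > MAX_LITERAL)
        return -1;          /* the cap also keeps v + 1 (NUL) from wrapping */
    *out = (size_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample counts, not captured from a real server. */
    const char *samples[] = { "{310}", "{4294967295}", "{-1}", "{12" };
    size_t n;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_literal_size(samples[i], &n) == 0)
            printf("%-14s accepted, size %zu\n", samples[i], n);
        else
            printf("%-14s rejected\n", samples[i]);
    }
    printf("fragile parse of 4294967295 -> %d\n",
           (int)fragile_literal_size("4294967295"));
    return 0;
}
```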