Description
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
Affected products
- university_of_washington / imap2007d
- university_of_washington / imap2000 – 2000
- university_of_washington / imap2000a – 2000a
- university_of_washington / imap2000b – 2000b
- university_of_washington / imap2000c – 2000c
- university_of_washington / imap2001 – 2001
- university_of_washington / imap2001a – 2001a
- university_of_washington / imap2002 – 2002
- university_of_washington / imap2002a – 2002a
- university_of_washington / imap2002b – 2002b
- university_of_washington / imap2002c – 2002c
- university_of_washington / imap2002d – 2002d
- university_of_washington / imap2002e – 2002e
- university_of_washington / imap2002f – 2002f
- university_of_washington / imap2004 – 2004
- university_of_washington / imap2004a – 2004a
- university_of_washington / imap2004b – 2004b
- university_of_washington / imap2004c – 2004c
- university_of_washington / imap2004d – 2004d
- university_of_washington / imap2004e – 2004e
- university_of_washington / imap2004f – 2004f
- university_of_washington / imap2004g – 2004g
- university_of_washington / imap2006 – 2006
- university_of_washington / imap2006a – 2006a
- university_of_washington / imap2006b – 2006b
- university_of_washington / imap2006c – 2006c
- university_of_washington / imap2006d – 2006d
- university_of_washington / imap2006e – 2006e
- university_of_washington / imap2006f – 2006f
- university_of_washington / imap2006g – 2006g
- university_of_washington / imap2006h – 2006h
- university_of_washington / imap2006i – 2006i
- university_of_washington / imap2006j – 2006j
- university_of_washington / imap2006k – 2006k
- university_of_washington / imap2007 – 2007
- university_of_washington / imap2007a – 2007a
- university_of_washington / imap2007b – 2007b
References
- MISChttp://www.washington.edu/imap/documentation/RELNOTES.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/33275
- MISChttp://www.securityfocus.com/bid/32958
- VENDOR_ADVISORYhttp://secunia.com/advisories/33638
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/47526
- MISChttp://securitytracker.com/id?1021485
- MISChttps://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=477227
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/3490
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:146