Article Source Gentoo Linux Security Advisories
Multiple vulnerabilities were found in the UW IMAP toolkit:
- Aron Andersson and Jan Sahlin of Bitsec reported boundary errors in the “tmail” and “dmail” utilities when processing overly long mailbox names, leading to stack-based buffer overflows (CVE-2008-5005).
- An error in smtp.c in the c-client library was found, leading to a NULL pointer dereference vulnerability (CVE-2008-5006).
- Ludwig Nussel reported an off-by-one error in the rfc822_output_char() function in the RFC822BUFFER routines in the c-client library, as used by the UW IMAP toolkit (CVE-2008-5514)…