FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-2933

This CVE name corresponds to:

Entered	Topic
2005-10-05	imap-uw -- mailbox name handling remote buffer vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2005-2933 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2005-2933
Phase	Assigned(20050915)

Description

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.

References

Source	Reference
IDEFENSE	20051004 UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability
FULLDISC	20051004 iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability
CONFIRM	http://www.washington.edu/imap/
CONFIRM	http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
CONFIRM	http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
DEBIAN	DSA-861
FEDORA	FLSA:170411
FEDORA	FLSA:184098
GENTOO	GLSA-200510-10
MANDRIVA	MDKSA-2005:189
MANDRIVA	MDKSA-2005:194
REDHAT	RHSA-2005:850
REDHAT	RHSA-2005:848
REDHAT	RHSA-2006:0276
REDHAT	RHSA-2006:0501
REDHAT	RHSA-2006:0549
SGI	20051201-01-U
SGI	20060501-01-U
SLACKWARE	SSA:2005-310-06
SUSE	SUSE-SR:2005:023
CERT-VN	VU#933601
BID	15009
OVAL	oval:org.mitre.oval:def:9858
VUPEN	ADV-2006-2685
SECTRACK	1015000
SECUNIA	17062
SECUNIA	17930
SECUNIA	17148
SECUNIA	17152
SECUNIA	18554
SECUNIA	17483
SECUNIA	17928
SECUNIA	17950
SECUNIA	17215
SECUNIA	17276
SECUNIA	17336
SECUNIA	19832
SECUNIA	20222
SECUNIA	20951
SECUNIA	21252
SECUNIA	21564
SECUNIA	20210
SREASON	47
XF	uw-imap-mailbox-name-bo(22518)