Steffen Joeris
2009-Jan-05 23:06 UTC
[Secure-testing-team] Bug#510918: CVE-2008-5514: Off-by-one error
Package: uw-imap
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for
uw-imap.

CVE-2008-5514[0]:
| Off-by-one error in the rfc822_output_char function in the
| RFC822BUFFER routines in the University of Washington (UW) c-client
| library, as used by the UW IMAP toolkit before imap-2007e and other
| applications, allows context-dependent attackers to cause a denial of
| service (crash) via an e-mail message that triggers a buffer overflow.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

The issue has been fixed in lenny already via the latest DTSA. The patch
just needs to be applied for sid.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5514
    http://security-tracker.debian.net/tracker/CVE-2008-5514