RHEL 2.1 : imap (RHSA-2005:114)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated imap packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access
protocols.

A buffer overflow flaw was found in the c-client IMAP client. An
attacker could create a malicious IMAP server that if connected to by
a victim could execute arbitrary code on the client machine. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0297 to this issue.

Users of imap are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0297.html
http://rhn.redhat.com/errata/RHSA-2005-114.html

Solution :

Update the affected imap and / or imap-devel packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 17147 ()

Bugtraq ID:

CVE ID: CVE-2003-0297