RHEL 3 : imap (RHSA-2009:0275)

Critical Nessus Plugin ID 35721


The remote Red Hat host is missing one or more security updates.


Updated imap packages to fix a security issue are now available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols.

A buffer overflow flaw was discovered in the dmail and tmail mail delivery utilities shipped with imap. If either of these utilities were used as a mail delivery agent, a remote attacker could potentially use this flaw to run arbitrary code as the targeted user by sending a specially crafted mail message to the victim.

Users of imap should upgrade to these updated packages, which contain a backported patch to resolve this issue.


Update the affected imap, imap-devel and / or imap-utils packages.

See Also



Plugin Details

Severity: Critical

ID: 35721

File Name: redhat-RHSA-2009-0275.nasl

Version: $Revision: 1.18 $

Type: local

Agent: unix

Published: 2009/02/20

Modified: 2017/01/03

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:imap, p-cpe:/a:redhat:enterprise_linux:imap-devel, p-cpe:/a:redhat:enterprise_linux:imap-utils, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2009/02/19

Reference Information

CVE: CVE-2008-5005

RHSA: 2009:0275

CWE: 119