CVE-2008-5006

Summary

CVE	CVE-2008-5006
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-11-10 14:12:00 UTC
Updated	2017-08-08 01:33:00 UTC
Description	smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.

Risk And Classification

Problem Types: CWE-399 | NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	University Of Washington	Imap Toolkit	2007b	All	All	All
Application	University Of Washington	Imap Toolkit	2007b	All	All	All

References

Reference	Source	Link	Tags
oss-security - Re: CVE request - uw-imap	MLIST	www.openwall.com
University of Washington IMAP 'smtp.c' Null Pointer Dereference Denial of Service Vulnerability	BID	www.securityfocus.com
Security Alerts - Secunia	SECUNIA	secunia.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Support / Security / Advisories / / MDVSA-2009:146 \| Mandriva	MANDRIVA	www.mandriva.com
Debian -- Security Information -- DSA-1685-1 uw-imap	DEBIAN	www.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2009-01-30	Tomas Hoger	The affected code is not used by any application shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5. The impact of this flaw is limited to a crash of the applications connecting to a misbehaving SMTP server. Due to those reasons, theres currently no plan to include the fix in the imap packages as shipped in Red Hat Enterprise Linux 2.1 and 3, and the libc-client packages as shipped in Red Hat Enterprise Linux 4 and 5.

There are currently no legacy QID mappings associated with this CVE.