Bug 58992 (CVE-2004-0224)

Summary: VUL-0: CVE-2004-0224: courier-imap: possible remote code execution problem
Product: [Novell Products] SUSE Security Incidents Reporter: Ludwig Nussel <lnussel>
Component: IncidentsAssignee: Thorsten Kukuk <kukuk>
Status: RESOLVED WONTFIX QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2004-0224: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Ludwig Nussel 2004-08-19 23:23:22 UTC 
As reply to the advisory on full-disclosure handled in Bug 58991
someone pointed to CAN-2004-0224 which describes a possible DoS or
remote code execution problem in courier-imap 2.x, See

http://secunia.com/advisories/11087/
http://www.securityfocus.com/bid/9845/discussion/

Although it's an older bug we don't seem to have this patched.
Comment 1 Thorsten Kukuk 2004-08-20 00:15:45 UTC 
There is no fix available for our version, it isn't even clear 
that our version is infected by this (may be), this languages are 
not enabled per default in our version, a version update is not 
possible and it is a leaf package: The "major" is already questianable, 
so we have to ignore this _possible_ problem.
Comment 2 Thomas Biege 2009-10-13 19:47:14 UTC 
CVE-2004-0224: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)