58992 – (CVE-2004-0224) VUL-0: CVE-2004-0224: courier-imap: possible remote code execution problem

Bug 58992 (CVE-2004-0224) - VUL-0: CVE-2004-0224: courier-imap: possible remote code execution problem

Summary: VUL-0: CVE-2004-0224: courier-imap: possible remote code execution problem

Status:	RESOLVED WONTFIX

Alias:	CVE-2004-0224

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	All Linux

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Thorsten Kukuk
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2004-0224: CVSS v2 Base Score: 7....
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2004-08-19 23:23 UTC by Ludwig Nussel
Modified:	2021-10-24 13:51 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ludwig Nussel 2004-08-19 23:23:22 UTC

As reply to the advisory on full-disclosure handled in Bug 58991
someone pointed to CAN-2004-0224 which describes a possible DoS or
remote code execution problem in courier-imap 2.x, See

http://secunia.com/advisories/11087/
http://www.securityfocus.com/bid/9845/discussion/

Although it's an older bug we don't seem to have this patched.

Comment 1 Thorsten Kukuk 2004-08-20 00:15:45 UTC

There is no fix available for our version, it isn't even clear 
that our version is infected by this (may be), this languages are 
not enabled per default in our version, a version update is not 
possible and it is a leaf package: The "major" is already questianable, 
so we have to ignore this _possible_ problem.

Comment 2 Thomas Biege 2009-10-13 19:47:14 UTC

CVE-2004-0224: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)