Search for packages
| purl | pkg:deb/debian/uw-imap@7:2007b~dfsg-4%2Blenny3 |
| Next non-vulnerable version | 8:2007f~dfsg-6 |
| Latest non-vulnerable version | 8:2007f~dfsg-6 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-fdg1-sfty-aaag
Aliases: CVE-2008-5005 |
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program. |
Affected by 1 other vulnerability. |
|
VCID-qz7z-7vbe-aaag
Aliases: CVE-2008-5006 |
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code. |
Affected by 1 other vulnerability. |
|
VCID-tz8v-ae8r-aaaa
Aliases: CVE-2018-19518 |
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T16:27:22.896028+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:13:57.149998+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:26:24.133274+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T01:29:02.490148+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | None | 36.1.3 |
| 2025-06-20T21:30:59.391694+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | None | 36.1.3 |
| 2025-06-20T21:06:02.169469+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | None | 36.1.3 |
| 2025-06-08T12:42:02.528597+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:09:02.887589+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T09:13:19.016054+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:18:59.589763+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:48:08.220105+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T18:51:56.371904+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | None | 36.1.0 |
| 2025-06-07T14:53:26.276195+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | None | 36.1.0 |
| 2025-06-07T14:31:58.891318+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | None | 36.1.0 |
| 2025-04-12T21:53:56.090213+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:28:49.453164+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:54:37.652693+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T07:45:14.515325+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:50:03.059886+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:19:12.867210+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T17:29:45.572247+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | None | 36.0.0 |
| 2025-04-07T13:25:28.791593+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | None | 36.0.0 |
| 2025-04-07T13:04:06.222429+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | None | 36.0.0 |
| 2024-11-26T20:30:18.621712+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-26T20:28:47.268596+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-10-12T20:11:19.149692+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-12T20:10:39.916357+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-09-20T17:20:13.089111+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-20T17:19:46.860498+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |