260115 – (CVE-2009-0671) net-libs/c-client format string vulnerability (CVE-2009-0671)

Bug 260115 (CVE-2009-0671) - net-libs/c-client format string vulnerability (CVE-2009-0671)

Summary: net-libs/c-client format string vulnerability (CVE-2009-0671)

Status:	RESOLVED INVALID

Alias:	CVE-2009-0671

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://packetstormsecurity.org/0902-e...
Whiteboard:	B2 [ebuild]
Keywords:

Depends on:
Blocks:	255121 260117
	Show dependency tree

Reported:	2009-02-24 11:40 UTC by Robert Buchholz (RETIRED)
Modified:	2009-02-25 16:09 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2009-02-24 11:40:27 UTC

CVE-2009-0671 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0671):
  Format string vulnerability in the University of Washington (UW)
  c-client library, as used by the UW IMAP toolkit imap-2007d and other
  applications, allows remote attackers to execute arbitrary code via
  format string specifiers in the initial request to the IMAP port
  (143/tcp).

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2009-02-24 11:43:36 UTC

Red Hat is disputing this issue, see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0671

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2009-02-25 16:09:11 UTC

The CVE will be REJECTED, both upstream and other researchers could not confirm this report.