CVE-2008-5006

Name of the Vulnerable Software and Affected Versions University of Washington IMAP Toolkit versions prior to 2007b uw-imapd-ssl (affected versions not specified) uw-mailutils (affected versions not specified) libc-client-dev (affected versions not specified) uw-imapd (affected versions not specified) libc-client2002edebian (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the University of Washington IMAP Toolkit and related packages in the Debian GNU/Linux operating system. These vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. Specifically, a vulnerability in the c-client library allows remote SMTP servers to cause a denial of service by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.

Recommendations For University of Washington IMAP Toolkit version prior to 2007b: Update to version 2007b or later to resolve the issue. For uw-imapd-ssl: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For uw-mailutils: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For libc-client-dev: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For uw-imapd: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For libc-client2002edebian: At the moment, there is no information about a newer version that contains a fix for this vulnerability.