Apple Computer Inc. Not Affected

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Not Affected

Vendor Statement

Apple does not provide the UW-IMAP Server software for either Mac OS X Client or Mac OS X Server.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Conectiva Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Cray Inc. Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Debian Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

EMC Corporation Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Engarde Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

F5 Networks Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

FreeBSD Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Fujitsu Not Affected

Notified:  January 17, 2005 Updated: February 08, 2005

Status

Not Affected

Vendor Statement

Name: Fujitsu Status: Not Vulnerable (still under exam) Date Notified: Fri, 28 Jan 2005 12:44:30 +0900 Statement: No statement is currently available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Gentoo Affected

Updated:  February 08, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Gentoo security team has published Gentoo Linux Security Advisory GLSA 200502-02 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

Hewlett-Packard Company Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Hitachi Not Affected

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Not Affected

Vendor Statement

NOT VULNERABLE HI-UX/WE2 is NOT Vulnerable to this issue. Hitachi Groupmax Mail (IMAP & POP interface) is NOT Vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM eServer Unknown

Notified:  January 17, 2005 Updated: February 01, 2005

Status

Unknown

Vendor Statement

For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID= In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM-zSeries Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Immunix Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Ingrian Networks Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Juniper Networks Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

MandrakeSoft Affected

Notified:  January 17, 2005 Updated: February 08, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Mandrakesoft security team has published Mandrakelinux Security Update Advisory MDKSA-2005:026 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

Microsoft Corporation Not Affected

Notified:  January 17, 2005 Updated: January 20, 2005

Status

Not Affected

Vendor Statement

Please note that at this point, we have conducted an investigation and are unaware of any Microsoft products affected by the vulnerability as reported.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

MontaVista Software Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

NEC Corporation Not Affected

Notified:  January 17, 2005 Updated: March 17, 2005

Status

Not Affected

Vendor Statement

* NEC products are NOT susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

NetBSD Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Nokia Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Novell Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

OpenBSD Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Openwall GNU/*/Linux Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Red Hat Inc. Affected

Notified:  January 17, 2005 Updated: February 25, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Red Hat has published Red Hat Security Advisory RHSA-2005:128 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

SCO-LINUX Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SCO-UNIX Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Sequent Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SGI Affected

Notified:  January 17, 2005 Updated: March 17, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SGI has published SGI Security Advisory 20050301-01-U in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

Sony Corporation Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Sun Microsystems Inc. Not Affected

Notified:  January 17, 2005 Updated: January 24, 2005

Status

Not Affected

Vendor Statement

Sun is not affected by this vulnerability. Solaris 9 includes version 2003.83 of the University of Washington IMAP/POP3 software on the Companion CD: http://www.sun.com/software/solaris/freeware/index.html as an unsupported package which installs to /opt/sfw, however this version is not affected by this vulnerability. The Sun Java Desktop System doesn't ship any IMAP/POP3 software.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SuSE Inc. Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

TurboLinux Affected

Notified:  January 17, 2005 Updated: April 28, 2005

Status

Affected

Vendor Statement

This issue was fixed. Please refer this sites: http://www.turbolinux.com/security/2005/TLSA-2005-32.txt http://www.turbolinux.co.jp/security/2005/TLSA-2005-32j.txt

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Unisys Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

University of Washington Affected

Notified:  January 14, 2005 Updated: January 24, 2005

Status

Affected

Vendor Statement

This problem is fixed in the January 4, 2005 release version of imap-2004b, on: ftp://ftp.cac.washington.edu/mail/imap-2004b.tar.Z The convenience link: ftp://ftp.cac.washington.edu/mail/imap.tar.Z now points to this version.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Wind River Systems Inc. Unknown

Notified:  January 17, 2005 Updated: January 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

View all 39 vendors View less vendors