Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17034
http://www.trustix.net/errata/2004/0043/