VID 18079
Severity 40
Port 143
Protocol TCP
Class IMAP
Detailed Description The Cyrus IMAP server, according to its banner, has multiple buffer overflow vulnerabilities (2). Cyrus IMAPD is a freely available, open source Interactive Mail Access Protocol (IMAP) daemon for Unix and Linux operating systems. Cyrus IMAP Server versions prior to 2.2.11 are vulnerable to multiple buffer overflows. These vulnerabilities can be exploited by a remote attacker to cause a DoS (Denial of Service) and execute arbitrary code on a vulnerable system:

1) An off-by-one boundary error in the mailbox handling can be exploited by malicious, authenticated users to cause a buffer overflow.
2) An off-by-one boundary error in the imapd annotate extension can be exploited by malicious, authenticated users to cause a buffer overflow.
3) An unspecified boundary error in fetchnews can be exploited by peer news admins to cause a stack-based buffer overflow.
4) An unspecified boundary error in backend can be exploited by malicious administrative users to cause a stack-based buffer overflow.
5) An unspecified boundary error in imapd can be exploited by malicious users on certain platforms to cause a stack-based buffer overflow.

* Note: This check solely relied on the banner of the remote IMAP server to assess this vulnerability, so this might be a false positive.
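* Added example (not the scanner's own logic): a banner triage helper that shows why a banner-only finding needs confirmation. It assumes the greeting carries the version as "Cyrus IMAP4 v<version>"; the function name, status labels and sample banners are constructed for illustration.

```python
import re

# First fixed release, taken from the advisory text above.
FIXED = (2, 2, 11)

# Assumed greeting shape: "* OK <host> Cyrus IMAP4 v<version> server ready".
# Group 1 is the dotted version, group 2 any packager suffix glued to it.
BANNER_RE = re.compile(r"Cyrus IMAP4? v(\d+(?:\.\d+)*)(\S*)", re.IGNORECASE)


def assess_banner(banner):
    """Return (status, version_tuple) for one IMAP greeting line."""
    m = BANNER_RE.search(banner)
    if not m:
        # Version hidden or not Cyrus: the banner proves nothing either way.
        return ("unknown", None)
    version = tuple(int(part) for part in m.group(1).split("."))
    if len(version) < 3:
        # "v2.2" could be 2.2.3 or 2.2.12; do not guess.
        return ("unknown", version)
    # Compare numerically: as strings, "2.2.3" would sort after "2.2.11".
    if version >= FIXED:
        return ("not-affected", version)
    if m.group(2):
        # Distribution builds keep the upstream number while backporting
        # fixes, so confirm against the package changelog before reporting.
        return ("verify-package", version)
    return ("affected-per-banner", version)


# Constructed sample greetings (hypothetical host name).
SAMPLES = [
    "* OK mail.example.test Cyrus IMAP4 v2.2.10 server ready",
    "* OK mail.example.test Cyrus IMAP4 v2.2.3 server ready",
    "* OK mail.example.test Cyrus IMAP4 v2.2.11 server ready",
    "* OK mail.example.test Cyrus IMAP4 v2.2.10-Invoca-RPM-2.2.10-3 server ready",
    "* OK mail.example.test IMAP4rev1 server ready",
]

if __name__ == "__main__":
    for line in SAMPLES:
        status, version = assess_banner(line)
        print(f"{status:20} {version} <- {line}")
```

A result of "affected-per-banner" or "verify-package" is still only a lead: confirm the installed package version on the host before treating the finding as real.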

* References:
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
http://secunia.com/advisories/14383/

* Platforms Affected:
Carnegie Mellon University, Cyrus IMAP Server versions prior to 2.2.11
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Cyrus IMAP Server (2.2.11 or later), available from the Cyrus Software Download Web page at http://asg.web.cmu.edu/cyrus/download/
Related URL CVE-2005-0546 (CVE)
Related URL 12636 (SecurityFocus)
Related URL 19454,19455,19458,19459,19460 (ISS)