Cyrus IMAP pre-login buffer overflow

Published: 2005-11-03 13:08:04
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Recommendations:
If possible, upgrade to an unaffected version. However, at the time of writing no official fix was available. There is a source patch against 2.1.10 in the referenced Bugtraq report.

Summary:
According to its banner, the remote Cyrus IMAP server is vulnerable to a pre-login buffer overrun.

Impact:
An attacker without a valid login could exploit this, and would be able to execute arbitrary commands as the owner of the Cyrus process. This would allow full access to all users' mailboxes.

Solution Type:
Mitigation

Detection Type:
Remote Banner Unreliable

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database):

https://nvd.nist.gov/vuln/detail/CVE-2002-1580

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/6298

References:

http://www.securityfocus.com/archive/1/301864
http://www.securityfocus.com/bid/6298

Severity:
High

CVSS Score:
7.5
