|
|
|
Vulnerability Note VU#740169Cyrus IMAP Server contains a buffer overflow vulnerabilityOverviewA buffer overflow vulnerability exists in versions of Cyrus IMAP Server up to and including 2.1.10. This vulnerability may allow a remote attacker to execute arbitrary code on the mail server with the privileges of the Cyrus IMAP Server.I. DescriptionCyrus IMAP Server is an e-mail application that uses the Internet Message Access Protocol (lMAP). Versions prior to 2.1.10 and 2.0.16 contain a buffer overflow vulnerability that may be exploited prior to authentication to the IMAP server. This vulnerability may allow a remote attacker to execute arbitrary code on the mail server with the privileges of the Cyrus IMAP Server. Exploitation of this vulnerability may also be limited by the implementation of malloc() being used on the system.II. ImpactA remote attacker can execute arbitrary code on the system with the privileges of the Cyrus IMAP Server. This is not typically root, but may lead to the ability to read all mail on the system.III. SolutionThis issue is resolved in version 2.1.11 and 2.0.17.Version 1.x is not supported and there are no plans for any new releases for this series. Users are urged to upgrade to 2.0.17 or 2.1.11.
References
This vulnerability was discovered by Timo Sirainen. This document was written by Jason A Rafail.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||
Get Adobe Reader