How to Buy
This script is Copyright (C) 2002-2016 Paul Johnston, Westpoint Ltd
The remote IMAP server is affected by a remote integer overflow
According to its banner, the remote Cyrus IMAP server is vulnerable to
a pre-login buffer overrun.
An attacker without a valid login could exploit this, and would be
able to execute arbitrary commands as the owner of the Cyrus process.
This would allow full access to all users' mailboxes.
See also :
If possible, upgrade to an unaffected version. However, at
the time of writing no official fix was available. There is a source
patch against 2.1.10 in the Bugtraq report.
Risk factor :
High / CVSS Base Score : 7.5
Family: Gain a shell remotely
Nessus Plugin ID: 11196 (cyrus_imap_prelogin_overflow.nasl)
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.