This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
The Cyrus IMAP Server ChangeLog states :
- Fix possible single byte overflow in mailbox handling code.
- Fix possible single byte overflows in the imapd annotate extension.
- Fix stack-based buffer overflows in fetchnews (exploitable by peer news
server), backend (exploitable by admin), and in imapd (exploitable by
users though only on platforms where a filename may be larger than a
The 2.1.X series are reportedly only affected by the second issue.
These issues may lead to execution of arbitrary code with the
permissions of the user running the Cyrus IMAP Server.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false