FreeBSD : Cyrus IMAPd -- FETCH command out of bounds memory corruption (c0a269d5-3d16-11d9-8818-008088034841)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The argument parser of the fetch command suffers from a bug very similar
to the partial command problem. Arguments like 'body[p', 'binary[p' or
'binary[p' will be wrongly detected and the buffer position can point
outside of the allocated buffer for the rest of the parsing process.
When the parser triggers the PARSE_PARTIAL macro after such a
malformed argument was received, this can lead to a similar one-byte
memory corruption and allows remote code execution when the heap
layout was successfully controlled by the attacker.

See also :

http://www.nessus.org/u?25075052
http://www.nessus.org/u?7f8c5321

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19109 (freebsd_pkg_c0a269d53d1611d98818008088034841.nasl)

Bugtraq ID:

CVE ID: CVE-2004-1013
