Cyrus IMAP Server login Command Remote Overflow

high Nessus Plugin ID 11196

Synopsis

The remote IMAP server is affected by a remote integer overflow vulnerability.

Description

According to its banner, the remote Cyrus IMAP server is vulnerable to a pre-login buffer overrun. An attacker without a valid login could exploit this, and would be able to execute arbitrary commands as the owner of the Cyrus process.
This would allow full access to all users' mailboxes.

Solution

If possible, upgrade to an unaffected version. However, at the time of writing no official fix was available. There is a source patch against 2.1.10 in the Bugtraq report.

See Also

https://seclists.org/bugtraq/2002/Dec/17

Plugin Details

Severity: High

ID: 11196

File Name: cyrus_imap_prelogin_overflow.nasl

Version: 1.13

Type: remote

Published: 12/20/2002

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:cmu:cyrus_imap_server

Excluded KB Items: imap/false_imap