Cyrus IMAP Server < 2.2.10 Multiple Remote Overflows

High Nessus Plugin ID 15819


The remote IMAP server has multiple buffer overflow vulnerabilities.


According to its banner, the remote Cyrus IMAPD server is vulnerable to one pre-authentication buffer overflow, as well as three post- authentication buffer overflows. A remote attacker could exploit these issues to crash the server, or possibly execute arbitrary code.


Upgrade to Cyrus IMAPD 2.2.10 or later.

Plugin Details

Severity: High

ID: 15819

File Name: cyrus_imap_multiple_overflow.nasl

Version: $Revision: 1.23 $

Type: remote

Published: 2004/11/23

Modified: 2016/11/17

Dependencies: 11196

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cmu:cyrus_imap_server

Required KB Items: Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2004/11/22

Reference Information

CVE: CVE-2004-1011, CVE-2004-1012, CVE-2004-1013, CVE-2004-1015, CVE-2004-1067

BID: 11729, 11738

OSVDB: 12096, 12097, 12098, 12290, 12348