FreeBSD : Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow (816fdd8b-3d14-11d9-8818-008088034841)
Critical Nessus Plugin ID 19004
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionWhen the option imapmagicplus is activated on a server the PROXY and LOGIN commands suffer a standard stack overflow, because the username is not checked against a maximum length when it is copied into a temporary stack buffer. This bug is especially dangerous because it can be triggered before any kind of authentification took place.
SolutionUpdate the affected package.