FreeBSD : Cyrus IMAPd -- FETCH command out of bounds memory corruption (c0a269d5-3d16-11d9-8818-008088034841)
Critical Nessus Plugin ID 19109
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe argument parser of the fetch command suffers a bug very similiar to the partial command problem. Arguments like 'body[p', 'binary[p' or 'binary[p' will be wrongly detected and the bufferposition can point outside of the allocated buffer for the rest of the parsing process.
When the parser triggers the PARSE_PARTIAL macro after such a malformed argument was received this can lead to a similiar one byte memory corruption and allows remote code execution, when the heap layout was successfully controlled by the attacker.
SolutionUpdate the affected packages.