FreeBSD : Cyrus IMAP pre-authentication heap overflow vulnerability (35f6fdf8-a425-11d8-9c6d-0020ed76ef5a)
High Nessus Plugin ID 36492
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
In December 2002, Timo Sirainen reported:
Cyrus IMAP server has a remotely exploitable pre-login buffer overflow. [...] Note that you don't have to log in before exploiting this, and since Cyrus runs everything under one UID, it's possible to read every user's mail in the system.
It is unknown whether this vulnerability is exploitable for code execution on FreeBSD systems.
Solution
Update the affected packages.