Cyrus IMAPD < 2.2.10 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 2425
SynopsisThe remote host is vulnerable to a buffer overflow.
DescriptionAccording to its banner, the remote Cyrus IMAPD server is vulnerable to a pre-login buffer overflow. Cyrus IMAP server is also vulnerable to three other buffer overflows after authentication. An attacker with or without a valid login could exploit these issues, and would be able to execute arbitrary commands as the owner of the Cyrus process.
SolutionUpgrade to Cyrus IMAPD 2.2.10 or higher.