From eec0031777a2876e094b3d30901803b64afa65b3 Mon Sep 17 00:00:00 2001 From: nectar Date: Wed, 12 May 2004 15:28:50 +0000 Subject: Add old Cyrus IMAP server heap buffer overflow. Reported by: eik --- security/vuxml/vuln.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d3a3b4484bbf..1dcd041ff0e9 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -30,6 +30,41 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + Cyrus IMAP pre-authentication heap overflow vulnerability + + + cyrus + 2.0.17 + 2.12.1.11 + + + + +

In December 2002, Timo Sirainen reported:

+
+

Cyrus IMAP server has a a remotely exploitable pre-login + buffer overflow. [...] Note that you don't have to log in + before exploiting this, and since Cyrus + runs everything under one UID, it's possible to read every + user's mail in the system.

+
+

It is unknown whether this vulnerability is exploitable for code + execution on FreeBSD systems.

+ +
+ + 6298 + http://marc.theaimsgroup.com/?l=bugtraq&m=103886607825605 + + + + 2002-12-02 + 2004-05-12 + +
+ exim buffer overflow when verify = header_syntax is used -- cgit
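Review bot: In the references block of the new entry, the Bugtraq URL has a bare `&` between `l=bugtraq` and `m=103886607825605`; inside vuln.xml it has to be written as `&amp;`, otherwise the file stops being well-formed XML and tools that parse it will fail, so please confirm the raw file uses the entity. In the quoted report, "has a a remotely exploitable" has a doubled article; keep it only if it is verbatim from the original posting. The affected-package section lists a single name, cyrus, with the version values shown as 2.0.17 and 2.12.1.11 on this page; since the closing sentence leaves code execution on FreeBSD open, readers will decide whether to upgrade from the range alone, so it is worth stating in the description which release lines those bounds are meant to cover.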