Intrusion PreventionIMAP.LOGIN.Command.Buffer.Overflow
Description
This vulnerability affects the Cyrus IMAP server. The vulnerability is a stack-based LOGIN buffer overflow. The application fails to check the username length before it is copied into a temporary stack buffer, making a buffer overflow possible. A remote attacker may exploit this to cause denial of service or execute arbitrary code leading to system compromise.
Affected Products
Cyrus IMAP server 2.2.8 and earlier.
Apple Mac OS X Server 10.3.8 and earlier.
Impact
Denial of service, arbitrary code execution.
Recommended Actions
Update to Cyrus IMAP version 2.2.10 or later.
Apple Mac OS X Server update 2005-003
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-09-13 | 22.391 | Sig Added |
| ID | 10029 |
| Created | Jun 07, 2005 |
| Updated | Sep 12, 2022 |
| Risk |
|
| CVE ID | CVE-2008-7182 CVE-2004-1011 |
| Exploit Prediction Score | 63.38% |
| Default Action | drop |
| Active | |
| Affected OS | Linux, MacOS |
| Affected App | Other |