IMAP.LOGIN.Command.Buffer.Overflow
Description
This vulnerability affects the Cyrus IMAP server. The vulnerability is a stack-based LOGIN buffer overflow. The application fails to check the username length before it is copied into a temporary stack buffer, making a buffer overflow possible. A remote attacker may exploit this to cause denial of service or execute arbitrary code leading to system compromise.
Affected Products
Cyrus IMAP server 2.2.8 and earlier.
Apple Mac OS X Server 10.3.8 and earlier.
Impact
Denial of service, arbitrary code execution.
Recommended Actions
Update to Cyrus IMAP version 2.2.10 or later.
Apple Mac OS X Server update 2005-003
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2022-09-13 | 22.391 | Sig Added |