Nessus Plugin #17206
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200502-29] Cyrus IMAP Server: Multiple overflow vulnerabilities
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2005 Michel Arboi
- Summary:
- Cyrus IMAP Server: Multiple overflow vulnerabilities
- Version:
- $Revision: 1.1 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200502-29
- Description:
- The remote host is affected by the vulnerability described in GLSA-200502-29
(Cyrus IMAP Server: Multiple overflow vulnerabilities)
Possible single byte overflows have been found in the imapd
annotate extension and mailbox handling code. Furthermore stack buffer
overflows have been found in fetchnews, the backend and imapd.
Impact
An attacker, who could be an authenticated user or an admin of a
peering news server, could exploit these vulnerabilities to execute
arbitrary code with the rights of the user running the Cyrus IMAP
Server.
Workaround
There is no known workaround at this time.
References:
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
Solution:
All Cyrus IMAP Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.2.12"
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.