Cyrus IMAP server prior 2.1.11 pre-login buffer overflow 1.0
 
Plugin ID: 338
Plugin name: Cyrus IMAP server prior 2.1.11 pre-login buffer overflow
Plugin filename: Cyrus IMAP server prior 2.1.11 pre-login buffer overflow.plugin
Plugin filesize: 2721 bytes
Plugin family: SMTP
Plugin created name: Marc Ruef
Plugin created email: marc.ruef at computec.ch
Plugin created web: http://www.computec.ch
Plugin created company: computec.ch
Plugin created date: 2005/01/09
Plugin version: 1.0
Plugin protocol: tcp
Plugin port: 143
Plugin procedure detection: open|sleep|close|pattern_exists *OK*Cyrus IMAP4 v[0-1].*server ready* OR *OK*Cyrus IMAP4 v2.0.#*server ready* OR *OK*Cyrus IMAP4 v2.1.[0-9] *server ready* OR *OK*Cyrus IMAP4 v2.1.1[0-1]*server ready*
Plugin detection accuracy: 80
Plugin comment: The NASL script is Copyright (C) 2002 Paul Johnston, Westpoint Ltd
Bug advisory: http://online.securityfocus.com/archive/1/301864
Bug produced name: Cyrus
Bug affected: Cyrus IMAP server prior 2.1.11
Bug not affected: Cyrus IMAP server newer than 2.1.11
Bug vulnerability class: Buffer Overflow
Bug description: According to its banner, the remote Cyrus IMAP server is vulnerable to a pre-login buffer overrun. An attacker without a valid login could exploit this, and would be able to execute arbitrary commands as the owner of the Cyrus process. This would allow full access to all users' mailboxes. More information: http://online.securityfocus.com/archive/1/301864
Bug solution: If possible, upgrade to an unaffected version. However, at the time of writing no official fix was available. There is a source patch against 2.1.10 in the Bugtraq report.
Bug fixing time: Approx. 30 minutes
Bug exploit availability: Maybe
Bug remote: Yes
Bug local: Yes
Bug severity: High
Bug popularity: 6
Bug simplicity: 7
Bug impact: 9
Bug risk: 7
Bug Nessus risk: High
Bug check tools: Nessus can check this flaw with the plugin 11196 (Cyrus IMAP pre-login buffer overrun).
Source Nessus ID: 11196
Source Literature: Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.: http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.