Summary
Cyrus IMAP Server is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Cyrus IMAP Server versions prior to 2.3.17 and 2.4.11 are vulnerable.
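The affected-version ranges above can be checked against IMAP greeting banners collected during an inventory. The following is an added example, not part of the original advisory; the banner format in the regular expression, the treatment of branches older than 2.3 as affected, and the sample lines are assumptions made for illustration.

```python
import re

# Fixed releases per the advisory: 2.3.17 on the 2.3 branch, 2.4.11 on the 2.4 branch.
FIXED = {(2, 3): (2, 3, 17), (2, 4): (2, 4, 11)}

# Assumed banner shape: "... Cyrus IMAP[4] v<major>.<minor>.<patch>[-vendor suffix] server ready"
BANNER_RE = re.compile(r"Cyrus IMAP4? v(\d+)\.(\d+)\.(\d+)(\S*)")


def assess_banner(banner):
    """Return (status, version, vendor_build) for one IMAP greeting line.

    status is 'affected', 'not_affected' or 'unknown' (not Cyrus, or version hidden).
    vendor_build is True when the version carries a distribution suffix; such
    packages may carry backported fixes, so the package changelog decides.
    """
    m = BANNER_RE.search(banner)
    if not m:
        return ("unknown", None, False)
    version = tuple(int(x) for x in m.group(1, 2, 3))
    vendor_build = bool(m.group(4))
    branch = version[:2]
    if branch in FIXED:
        status = "affected" if version < FIXED[branch] else "not_affected"
    elif branch < (2, 3):
        # Assumption: branches older than 2.3 predate both fixed releases.
        status = "affected"
    else:
        # Branches newer than 2.4 are above both fixed versions.
        status = "not_affected"
    return (status, ".".join(map(str, version)), vendor_build)


# Constructed greeting lines for illustration (not captured from real hosts).
SAMPLE_BANNERS = [
    "* OK mail.example.org Cyrus IMAP4 v2.3.16 server ready",
    "* OK [CAPABILITY IMAP4rev1 STARTTLS] mx1.example.org Cyrus IMAP v2.4.11 server ready",
    "* OK imap.example.org Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-6 server ready",
    "* OK imap.example.org Cyrus IMAP v2.2.13 server ready",
    "* OK IMAP4rev1 server ready",
]

if __name__ == "__main__":
    for line in SAMPLE_BANNERS:
        print(assess_banner(line), "<-", line)
```

A result of `unknown` means only that the banner did not disclose a Cyrus version, so those hosts still need a package-level check.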
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2011-3208
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
- Adobe Photoshop Multiple Buffer Overflow Vulnerabilities
- Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)
- ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities
- BarCodeWiz 'BarcodeWiz.dll' ActiveX Control BOF Vulnerability