Summary
Cyrus IMAP Server is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Cyrus IMAP Server versions prior to 2.3.17 and 2.4.11 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2011-3208
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Anzio Web Print Object ActiveX Control Remote BOF Vulnerability
- Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Win)
- Buffer overflow in Apple Quicktime Player
- Adobe Reader '/Registry' and '/Ordering' Buffer Overflow Vulnerability (Win)
- Apple Safari 'CSS' Buffer Overflow Vulnerability (Win) - Dec09