Summary
The remote host is missing an update to cyrus-imapd announced via advisory DSA 597-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20597-1
Insight
Stefan Esser discovered several security related problems in the Cyrus IMAP daemon. Due to a bug in the command parser it is possible to access memory beyond the allocated buffer in two places which could lead to the execution of arbitrary code.
For the stable distribution (woody) these problems have been fixed in version 1.5.19-9.2
For the unstable distribution (sid) these problems have been fixed in version 2.1.17-1.
We recommend that you upgrade your cyrus-imapd package immediately.
Severity
Classification
-
CVE CVE-2004-1012, CVE-2004-1013 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities