Summary
Cyrus IMAP Server is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Cyrus IMAP Server versions prior to 2.3.17 and 2.4.11 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2011-3208
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- BaoFeng Storm ActiveX Control Buffer Overflow Vulnerability
- 3CTftpSvc TFTP Server Long Mode Buffer Overflow Vulnerability
- BigAntSoft BigAnt IM Message Server Multiple Vulnerabilities
- CursorArts ZipWrangler 'ZIP Processing' Buffer Overflow Vulnerability
- Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)