Summary
Cyrus IMAP Server is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of- service condition.
Cyrus IMAP Server versions prior to 2.3.17 and 2.4.11 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
-
CVE CVE-2011-3208 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)
- Apple QuickTime Multiple Vulnerabilities - Sep09
- Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities
- DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability
- A-V Tronics InetServ POP3 Denial Of Service Vulnerability