Cyrus-imsp Abook_dbname Buffer Overflow Network Vulnerability

Summary

The remote host is running a version of cyrus-imsp (Internet Message Support Protocol) which has a buffer overflow bug. An attacker could exploit this bug to execute arbitrary code on this system with the privileges of the root user. The overflow occurs when the user issues a too long argument as his name, causing an overflow in the abook_dbname function command.

Solution

Upgrade cyrus-imsp server to version version 1.6a4 or 1.7a

Severity

Classification

CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CUPS < 1.1.23 Multiple Vulnerabilities
Format string on HTTP header value
rsync path sanitation vulnerability
Webserver4everyone too long URL
PKCS 1 Version 1.5 Session Key Retrieval

cyrus-imsp abook_dbname buffer overflow

Take action and discover your vulnerabilities