BID:12636

Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities

Info

Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities

Bugtraq ID:	12636
Class:	Boundary Condition Error
CVE:	CVE-2005-0546
Remote:	Yes
Local:	No
Published:	Feb 14 2005 12:00AM
Updated:	Mar 19 2015 08:20AM
Credit:	The vendor reported these issues.
Vulnerable:	Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Desktop 4.0 Red Hat Fedora Core3 Red Hat Fedora Core2 Red Hat Enterprise Linux AS 4 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Cyrus SASL 2.2.3 Conectiva Linux 10.0 Conectiva Linux 9.0 Carnegie Mellon University Cyrus IMAP Server 2.2.10 + Conectiva Linux 10.0 + Red Hat Fedora Core3 + Red Hat Fedora Core2 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Carnegie Mellon University Cyrus IMAP Server 2.2.9 Carnegie Mellon University Cyrus IMAP Server 2.2.8 + Mandriva Linux Mandrake 10.1 x86_64 + Mandriva Linux Mandrake 10.1 Carnegie Mellon University Cyrus IMAP Server 2.2.7 Carnegie Mellon University Cyrus IMAP Server 2.2.6 Carnegie Mellon University Cyrus IMAP Server 2.2.5 Carnegie Mellon University Cyrus IMAP Server 2.2.4 Carnegie Mellon University Cyrus IMAP Server 2.2.3 Carnegie Mellon University Cyrus IMAP Server 2.2.2 BETA Carnegie Mellon University Cyrus IMAP Server 2.2.1 BETA Carnegie Mellon University Cyrus IMAP Server 2.2 .0 ALPHA Carnegie Mellon University Cyrus IMAP Server 2.1.17 + Conectiva Linux 9.0 Carnegie Mellon University Cyrus IMAP Server 2.1.16 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Carnegie Mellon University Cyrus IMAP Server 2.1.10 Carnegie Mellon University Cyrus IMAP Server 2.1.9 + S.u.S.E. Linux 8.1 Carnegie Mellon University Cyrus IMAP Server 2.1.7 Carnegie Mellon University Cyrus IMAP Server 2.0.16 + S.u.S.E. Linux 8.0 i386 + S.u.S.E. Linux 7.3 sparc + S.u.S.E. Linux 7.3 ppc + S.u.S.E. Linux 7.3 i386 Carnegie Mellon University Cyrus IMAP Server 2.0.12 + S.u.S.E. Linux 7.1 x86 + S.u.S.E. Linux 7.1 ppc + S.u.S.E. Linux 7.1 alpha ALT Linux ALT Linux Junior 2.3 ALT Linux ALT Linux Compact 2.3

Not Vulnerable:	Carnegie Mellon University Cyrus IMAP Server 2.2.11

Discussion

Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities

Cyrus IMAPD is reported susceptible to multiple remote vulnerabilities. These vulnerabilities include multiple buffer-overflow issues that may allow remote attackers to execute machine code in the context of the server process. This may lead to unauthorized access or privilege escalation.

The following specific issues were identified:

- Multiple one-byte buffer-overflow vulnerabilities affecting the IMAP annotate extension (the mailbox handling code) and the routines that handle cached headers.

- Multiple stack-based overflow vulnerabilities affecting fetchnews, backend, and imapd.

Cyrus IMAPD 2.0.11 and prior versions are affected by these issues.

Due to a lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.

Exploit / POC

Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Solution / Fix

Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities

Solution:

Please see the referenced advisories for more information.

Carnegie Mellon University Cyrus IMAP Server 2.0.12

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.0.16

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.1.10

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

SuSE cyrus-imapd-2.1.12-77.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cyrus-imapd-2.1.1 2-77.i586.rpm

Carnegie Mellon University Cyrus IMAP Server 2.1.16

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Mandrake cyrus-imapd-2.1.16-5.4.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-2.1.16-5.4.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-2.1.16-5.4.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-2.1.16-5.4.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-devel-2.1.16-5.4.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-devel-2.1.16-5.4.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-devel-2.1.16-5.4.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-devel-2.1.16-5.4.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-murder-2.1.16-5.4.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-murder-2.1.16-5.4.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-murder-2.1.16-5.4.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-murder-2.1.16-5.4.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-utils-2.1.16-5.4.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-utils-2.1.16-5.4.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-utils-2.1.16-5.4.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-utils-2.1.16-5.4.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake perl-Cyrus-2.1.16-5.4.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php

Mandrake perl-Cyrus-2.1.16-5.4.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake perl-Cyrus-2.1.16-5.4.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php

Mandrake perl-Cyrus-2.1.16-5.4.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php

SuSE cyrus-imapd-2.1.15-91.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/cyrus-imapd-2.1.1 5-91.i586.rpm

SuSE cyrus-imapd-2.1.15-91.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/cyrus-imapd-2 .1.15-91.x86_64.rpm

Ubuntu cyrus21-admin_2.1.16-6ubuntu0.3_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-ad min_2.1.16-6ubuntu0.3_all.deb

Ubuntu cyrus21-clients_2.1.16-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-cl ients_2.1.16-6ubuntu0.3_amd64.deb

Ubuntu cyrus21-clients_2.1.16-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-cl ients_2.1.16-6ubuntu0.3_i386.deb

Ubuntu cyrus21-clients_2.1.16-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-cl ients_2.1.16-6ubuntu0.3_powerpc.deb

Ubuntu cyrus21-common_2.1.16-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-co mmon_2.1.16-6ubuntu0.3_amd64.deb

Ubuntu cyrus21-common_2.1.16-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-co mmon_2.1.16-6ubuntu0.3_i386.deb

Ubuntu cyrus21-common_2.1.16-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-co mmon_2.1.16-6ubuntu0.3_powerpc.deb

Ubuntu cyrus21-dev_2.1.16-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-de v_2.1.16-6ubuntu0.3_amd64.deb

Ubuntu cyrus21-dev_2.1.16-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-de v_2.1.16-6ubuntu0.3_i386.deb

Ubuntu cyrus21-dev_2.1.16-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-de v_2.1.16-6ubuntu0.3_powerpc.deb

Ubuntu cyrus21-doc_2.1.16-6ubuntu0.3_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-do c_2.1.16-6ubuntu0.3_all.deb

Ubuntu cyrus21-imapd_2.1.16-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-im apd_2.1.16-6ubuntu0.3_amd64.deb

Ubuntu cyrus21-imapd_2.1.16-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-im apd_2.1.16-6ubuntu0.3_i386.deb

Ubuntu cyrus21-imapd_2.1.16-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-im apd_2.1.16-6ubuntu0.3_powerpc.deb

Ubuntu cyrus21-murder_2.1.16-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-mu rder_2.1.16-6ubuntu0.3_amd64.deb

Ubuntu cyrus21-murder_2.1.16-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-mu rder_2.1.16-6ubuntu0.3_i386.deb

Ubuntu cyrus21-murder_2.1.16-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-mu rder_2.1.16-6ubuntu0.3_powerpc.deb

Ubuntu cyrus21-pop3d_2.1.16-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-po p3d_2.1.16-6ubuntu0.3_amd64.deb

Ubuntu cyrus21-pop3d_2.1.16-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-po p3d_2.1.16-6ubuntu0.3_i386.deb

Ubuntu cyrus21-pop3d_2.1.16-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-po p3d_2.1.16-6ubuntu0.3_powerpc.deb

Ubuntu libcyrus-imap-perl21_2.1.16-6ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-i map-perl21_2.1.16-6ubuntu0.3_amd64.deb

Ubuntu libcyrus-imap-perl21_2.1.16-6ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-i map-perl21_2.1.16-6ubuntu0.3_i386.deb

Ubuntu libcyrus-imap-perl21_2.1.16-6ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-i map-perl21_2.1.16-6ubuntu0.3_powerpc.deb

Carnegie Mellon University Cyrus IMAP Server 2.1.17

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Conectiva cyrus-imapd-2.1.18-28805U90_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/cyrus-imapd-2.1.18-28805U90 _6cl.i386.rpm

Conectiva cyrus-imapd-devel-2.1.18-28805U90_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/cyrus-imapd-devel-2.1.18-28 805U90_6cl.i386.rpm

Conectiva cyrus-imapd-devel-static-2.1.18-28805U90_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/cyrus-imapd-devel-static-2. 1.18-28805U90_6cl.i386.rpm

Carnegie Mellon University Cyrus IMAP Server 2.1.7

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.1.9

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2 .0 ALPHA

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2.1 BETA

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2.10

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Conectiva cyrus-imapd-2.2.12-76163U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/cyrus-imapd-2.2.12-76163U1 0_3cl.i386.rpm

Conectiva cyrus-imapd-devel-2.2.12-76163U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/cyrus-imapd-devel-2.2.12-7 6163U10_3cl.i386.rpm

Conectiva cyrus-imapd-devel-static-2.2.12-76163U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/cyrus-imapd-devel-static-2 .2.12-76163U10_3cl.i386.rpm

Conectiva cyrus-imapd-doc-2.2.12-76163U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/cyrus-imapd-doc-2.2.12-761 63U10_3cl.i386.rpm

Carnegie Mellon University Cyrus IMAP Server 2.2.2 BETA

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2.3

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

RedHat cyrus-imapd-2.2.12-1.1.fc2.1.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/cyrus-imapd-2.2 .12-1.1.fc2.1.legacy.i386.rpm

RedHat cyrus-imapd-devel-2.2.12-1.1.fc2.1.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/cyrus-imapd-dev el-2.2.12-1.1.fc2.1.legacy.i386.rpm

RedHat cyrus-imapd-murder-2.2.12-1.1.fc2.1.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/cyrus-imapd-mur der-2.2.12-1.1.fc2.1.legacy.i386.rpm

RedHat cyrus-imapd-nntp-2.2.12-1.1.fc2.1.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/cyrus-imapd-nnt p-2.2.12-1.1.fc2.1.legacy.i386.rpm

RedHat cyrus-imapd-utils-2.2.12-1.1.fc2.1.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/cyrus-imapd-uti ls-2.2.12-1.1.fc2.1.legacy.i386.rpm

RedHat perl-Cyrus-2.2.12-1.1.fc2.1.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/perl-Cyrus-2.2. 12-1.1.fc2.1.legacy.i386.rpm

SuSE cyrus-imapd-2.2.3-83.22.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/cyrus-imapd-2.2.3 -83.22.i586.rpm

SuSE cyrus-imapd-2.2.3-83.22.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/cyrus-imapd-2 .2.3-83.22.x86_64.rpm

Carnegie Mellon University Cyrus IMAP Server 2.2.4

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2.5

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2.6

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Fedora cyrus-imapd-2.2.12-1.1.fc3.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora cyrus-imapd-2.2.12-1.1.fc3.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora cyrus-imapd-devel-2.2.12-1.1.fc3.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora cyrus-imapd-devel-2.2.12-1.1.fc3.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora cyrus-imapd-murder-2.2.12-1.1.fc3.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora cyrus-imapd-murder-2.2.12-1.1.fc3.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora cyrus-imapd-nntp-2.2.12-1.1.fc3.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora cyrus-imapd-nntp-2.2.12-1.1.fc3.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora cyrus-imapd-utils-2.2.12-1.1.fc3.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora cyrus-imapd-utils-2.2.12-1.1.fc3.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora perl-Cyrus-2.2.12-1.1.fc3.i386.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Fedora perl-Cyrus-2.2.12-1.1.fc3.x86_64.rpm
RedHat Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Carnegie Mellon University Cyrus IMAP Server 2.2.7

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Carnegie Mellon University Cyrus IMAP Server 2.2.8

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

Mandrake cyrus-imapd-2.2.8-4.2.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-2.2.8-4.2.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-devel-2.2.8-4.2.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-devel-2.2.8-4.2.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-murder-2.2.8-4.2.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-murder-2.2.8-4.2.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-nntp-2.2.8-4.2.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-nntp-2.2.8-4.2.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-utils-2.2.8-4.2.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake cyrus-imapd-utils-2.2.8-4.2.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

Mandrake perl-Cyrus-2.2.8-4.2.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake perl-Cyrus-2.2.8-4.2.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php

OpenPKG imapd-2.2.8-2.2.2.src.rpm
ftp.openpkg.org/release/2.2/UPD/imapd-2.2.8-2.2.2.src.rpm

SuSE cyrus-imapd-2.2.8-6.5.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/cyrus-imapd-2.2.8 -6.5.i586.rpm

SuSE cyrus-imapd-2.2.8-6.5.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/cyrus-imapd-2 .2.8-6.5.x86_64.rpm

Carnegie Mellon University Cyrus IMAP Server 2.2.9

Carnegie Mellon University cyrus-imapd-2.2.11.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.11.tar.gz

References

Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities

References:

[security-announce] I: updated packages available (ALT Linux)
Cyrus IMAPd 2.2.11 Released (Derrick J Brashear )
Cyrus IMAPD Home Page (Carnegie Mellon University)
RHSA-2005:408-04 - cyrus-imapd security update (RedHat)