BID:18056

Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability

CVE-2006-2502 |

Info

Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability

Bugtraq ID:	18056
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	May 21 2006 12:00AM
Updated:	Aug 14 2006 10:30PM
Credit:	kcope is credited with the discovery of this vulnerability.
Vulnerable:	Cmu Cyrus IMAP Server 2.3.2

Not Vulnerable:

Discussion

Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability

Cyrus IMAPD is prone to a remote buffer-overflow vulnerability. This issue is due to a failure in the application to properly verify user-supplied input before copying it into a finite-sized buffer.

Successful exploits may result in memory corruption leading to a denial-of-service condition or arbitrary code execution.

Cyrus IMAPD version 2.3.2 is reported to be vulnerable. Other versions may be affected as well.

Exploit / POC

Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability

The following exploits are available:

/data/vulnerabilities/exploits/cyruspop3d.c
/data/vulnerabilities/exploits/cyrus-imapd-expl.rb
/data/vulnerabilities/exploits/cyrus-imapd-expl.pl

Solution / Fix

Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

References

Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability

References:

[Full-disclosure] Cyrus IMAPD pop3d remote compromise aka cyrusFUCK3d (kcope)
Cyrus Project Web Site (Cyrus)