In December 2002, Timo Sirainen reported:
> Cyrus IMAP server has a remotely exploitable pre-login buffer overflow. […] Note that you don’t have to log in before exploiting this, and since Cyrus runs everything under one UID, it’s possible to read every user’s mail in the system.

It is unknown whether this vulnerability is exploitable for code execution on FreeBSD systems.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | cyrus-imapd | < 2.0.17 | UNKNOWN |