Cyrus IMAP Server < 2.2.11 Multiple Remote Overflows

🗓️ 24 Feb 2005 00:00:00Reported by TenableType

Cyrus IMAP Server versions under 2.2.11 have multiple buffer overflow vulnerabilities.

Reporter	Title	Published	Views	Family All 26
Tenable Nessus	Cyrus IMAPD < 2.2.12 Multiple Remote Overflows	24 Feb 200500:00	–	nessus
Tenable Nessus	CentOS 4 : cyrus-imapd (CESA-2005:408)	5 Jul 200600:00	–	nessus
Tenable Nessus	Fedora Core 3 : cyrus-imapd-2.2.12-1.1.fc3 (2005-339)	24 Sep 201200:00	–	nessus
Tenable Nessus	FreeBSD : cyrus-imapd -- multiple buffer overflow vulnerabilities (b2d248ad-88f6-11d9-aa18-0001020eed82)	13 Jul 200500:00	–	nessus
Tenable Nessus	GLSA-200502-29 : Cyrus IMAP Server: Multiple overflow vulnerabilities	23 Feb 200500:00	–	nessus
Tenable Nessus	Mandrake Linux Security Advisory : cyrus-imapd (MDKSA-2005:051)	6 Mar 200500:00	–	nessus
Tenable Nessus	RHEL 4 : cyrus-imapd (RHSA-2005:408)	17 May 200500:00	–	nessus
Tenable Nessus	Ubuntu 4.10 : cyrus21-imapd vulnerability (USN-87-1)	15 Jan 200600:00	–	nessus
FreeBSD	cyrus-imapd -- multiple buffer overflow vulnerabilities	14 Feb 200500:00	–	freebsd
Cent OS	cyrus, perl security update	17 May 200523:27	–	centos

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(17208);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2005-0546");
  script_bugtraq_id(12636);

  script_name(english:"Cyrus IMAP Server < 2.2.11 Multiple Remote Overflows");

  script_set_attribute(attribute:"synopsis", value:
"The remote IMAP server is affected by multiple buffer overflow issues.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote Cyrus IMAP server is affected by
off-by-one errors in its imapd annotate extension and its cached
header handling which can be triggered by an authenticated user, a
buffer overflow in fetchnews that can be triggered by a peer news
admin, and an unspecified stack-based buffer overflow in imapd.");
  # http://web.archive.org/web/20060616064839/http://cyrusimap.web.cmu.edu/imapd/changes.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6eef2b3d");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Cyrus IMAP server version 2.2.11 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/24");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cmu:cyrus_imap_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gain a shell remotely");

  script_copyright(english:"This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.");

  script_dependencies("cyrus_imap_prelogin_overflow.nasl");
  script_require_ports("Services/imap", 143);

  exit(0);
}

#
# The script code starts here
#

port = get_kb_item("Services/imap");
if(!port) port = 143;

banner = get_kb_item("imap/" + port + "/Cyrus");
if ( ! banner ) exit(0);
if(egrep(pattern:"^(1\..*|2\.0\..*|2\.1\.[1-9][^0-9]|2\.1\.1[01])[0-9]*$", string:banner))
    security_hole(port);

11 Apr 2022 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 27.5

EPSS0.01818