Cyrus IMAP pop3d popsubfolders buffer overflow

2006-06-12T00:00:00
ID SAINT:D38816B77BE6FD857248F5BB538F50E9
Type saint
Reporter SAINT Corporation
Modified 2006-06-12T00:00:00

Description

Added: 06/12/2006
CVE: CVE-2006-2502
BID: 18056
OSVDB: 25853

Background

Cyrus IMAP is an open-source IMAP, POP3, and KPOP server. The **popsubfolders** configuration option allows POP3 users to access subfolders by specifying the subfolder name when logging in.

Problem

When the **popsubfolders** configuration option is enabled, a buffer overflow in the **USER** command allows remote attackers to execute arbitrary commands.

Resolution

Upgrade to Cyrus IMAP 2.3.4 or higher.

References

<http://www.frsirt.com/english/advisories/2006/1891>

Limitations

Exploit works on Cyrus IMAP 2.3 through 2.3.3 if POP3 is enabled with the **popsubfolders** configuration setting.

Platforms

Linux