remote command execution in cyrus-imapd

ID SUSE-SA:2002:048
Type suse
Reporter Suse
Modified 2002-12-20T18:02:33


The cyrus imapd contains a buffer overflow which could be exploited by remote attackers prior to logging in. Attackers could generate oversized error messages and overflow buffers inside imapd. Additionally to this fix, an overflow in the SASL library (as used by the cyrus imapd) has been fixed. This bug only affects SuSE Linux 8.1, the SuSE Linux Enterprise Server 8 and the SuSE Linux Openexchange Server.