Arbitrary Code Execution

2020-04-1001:02:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

cyrus-imapd is vulnerable to arbitrary code execution. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user.

CPENameOperatorVersion
cyrus-imapdeq2.2.12__10.el4_8.4
cyrus-imapdeq2.2.12__10.el4_8.1
cyrus-imapdeq2.2.12__15.el4
cyrus-imapdeq2.3.7__2.el5
cyrus-imapdeq2.3.7__7.el5_6.4
cyrus-imapdeq2.3.7__2.el5_3.2
cyrus-imapdeq2.3.7__7.el5_4.3
cyrus-imapdeq2.3.7__1.1.el5
cyrus-imapdeq2.3.7__7.el5
cyrus-imapdeq2.2.12__10.el4_8.4

Name	Operator	Version
cyrus-imapd	eq	2.2.12__10.el4_8.4
cyrus-imapd	eq	2.2.12__10.el4_8.1
cyrus-imapd	eq	2.2.12__15.el4
cyrus-imapd	eq	2.3.7__2.el5
cyrus-imapd	eq	2.3.7__7.el5_6.4
cyrus-imapd	eq	2.3.7__2.el5_3.2
cyrus-imapd	eq	2.3.7__7.el5_4.3
cyrus-imapd	eq	2.3.7__1.1.el5
cyrus-imapd	eq	2.3.7__7.el5
cyrus-imapd	eq	2.2.12__10.el4_8.4