|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200411-34] Cyrus IMAP Server: Multiple remote vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Cyrus IMAP Server: Multiple remote vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200411-34
(Cyrus IMAP Server: Multiple remote vulnerabilities)
Multiple vulnerabilities have been discovered in the argument
parsers of the 'partial' and 'fetch' commands of the Cyrus IMAP Server
(CVE-2004-1012, CVE-2004-1013). There are also buffer overflows in the
'imap magic plus' code that are vulnerable to exploitation as well
(CVE-2004-1011, CVE-2004-1015).
Impact
A possible hacker can exploit these vulnerabilities to execute arbitrary
code with the rights of the user running the Cyrus IMAP Server.
Workaround
There is no known workaround at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1011
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1012
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1013
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1015
http://security.e-matters.de/advisories/152004.html
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
Solution:
All Cyrus-IMAP Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.2.10"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|