IMAP: Authentication Overflow
This signature detects attempts to send overly long authorization commands to an IMAP server. Attackers can use this exploit remotely to attack vulnerable IMAP servers, such as MailEnable.
Extended Description
Cyrus IMAPD is a freely available, open source Interactive Mail Access Protocol (IMAP) daemon. It is available for Unix and Linux operating systems. It has been reported that Cyrus IMAPD does not sufficiently handle overly long strings. In some cases, when a user connects to the daemon, and upon negotiating the connection sends a login string of excessive length, a buffer overflow occurs. This could result in heap corruption and arbitrary words in memory being overwritten. It may be possible to exploit this issue to execute arbitrary code.
Affected Products
Carnegie_mellon_university cyrus_imap_server
Short Name
IMAP:AUTH-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
IMAP
Keywords
Authentication CVE-2002-1580 Overflow bid:6298
Release Date
04/15/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Carnegie_mellon_university
CVSS Score
7.5