IMAP: Cyrus IMAP Server Pre-Login Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Cyrus IMAPd. Cyrus IMAPd versions 1.4 through 2.1.10 are vulnerable. A successful attack can allow the attacker to overflow the buffer prior to authentication, permitting arbitrary code execution and compromising the system.

Extended Description

A memory corruption vulnerability has been discovered in SASL when generating logs files. It has been reported that under some circumstances SASL fails to allocate sufficient memory for string used in log entries. By causing Cyrus to generate a malicious log it may be possible for an attacker to corrupt memory. This could potentially be exploited to overwrite the LSB of a sensitive variable or possibly cause inaccurate logs to be created. It should be noted that although this vulnerability was discovered in Cyrus, it may also affect other programs that utilize the SASL library.

Affected Products

Apple mac_os_x

References

BugTraq: 6349

CVE: CVE-2002-1347

URL: http://www.security.nnov.ru/search/document.asp?docid=3828 http://www.debian.org/security/2002/dsa-215 http://www.ciac.org/ciac/bulletins/p-156.shtml

Short Name

IMAP:CYRUS:PRELOG

Severity

Major

Recommended

False

Recommended Action

Drop

IMAP: Cyrus IMAP Server Pre-Login Buffer Overflow

Extended Description

Affected Products

References

Found a potential security threat?