Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1580

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1580
Last Modified 05 Sep 2008 04:30:58
Published 14 Jun 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1580

Summary

Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.

Vulnerable Systems

Application

  • Carnegie Mellon University Cyrus Imap Server 1.4

  • Carnegie Mellon University Cyrus Imap Server 1.5.19

  • Carnegie Mellon University Cyrus Imap Server 2.0.12

  • Carnegie Mellon University Cyrus Imap Server 2.0.16

  • Carnegie Mellon University Cyrus Imap Server 2.1.10

  • Carnegie Mellon University Cyrus Imap Server 2.1.9


References

CERT-VN - VU#740169

XF - cyrus-imap-preauth-bo(10744)

BID - 6298

BUGTRAQ - 20021202 pre-login buffer overflow in Cyrus IMAP server

DEBIAN - DSA-215

CONECTIVA - CLA-2002:557

CONFIRM - http://asg.web.cmu.edu/cyrus/download/imapd/changes.html

CONECTIVA - 000557


Last Updated: 27 May 2016 10:37:24