Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0546

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0546
Last Modified 21 Aug 2010 12:26:19
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0546

Summary

Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.

Vulnerable Systems

Application

  • Cyrus Imapd 2.0.17

  • Cyrus Imapd 2.1.16

  • Cyrus Imapd 2.1.17

  • Cyrus Imapd 2.1.18

  • Cyrus Imapd 2.2.10


References

GENTOO - GLSA-200502-29

SECUNIA - 14383

BUGTRAQ - 20050228 [USN-87-1] Cyrus IMAP server vulnerability

MLIST - [info-cyrus] 20050214 Cyrus IMAPd 2.2.11 Released

CONECTIVA - CLA-2005:937

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=82404

BID - 12636

FEDORA - FLSA:156290

REDHAT - RHSA-2005:408

MANDRAKE - MDKSA-2005:051

SECTRACK - 1013278


Last Updated: 27 May 2016 10:39:50