Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server, which could be exploited by a remote attacker prior to logging in. A malicious user could craft a request to run commands on the server under the UID and GID of the cyrus server. For the current stable distribution (woody) this problem has been fixed in version 1.5.19-9.1. For the old stable distribution (potato) this problem has been fixed in version 1.5.19-2.2. For the unstable distribution (sid) this problem has been fixed in version 1.5.19-9.10. Current cyrus21-imapd packages are not vulnerable. We recommend that you upgrade your cyrus-imapd package.
Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server, which could be exploited by a remote attacker prior to logging in. A malicious user could craft a request to run commands on the server under the UID and GID of the cyrus server.
For the current stable distribution (woody) this problem has been fixed in version 1.5.19-9.1.
For the old stable distribution (potato) this problem has been fixed in version 1.5.19-2.2.
For the unstable distribution (sid) this problem has been fixed in version 1.5.19-9.10. Current cyrus21-imapd packages are not vulnerable.
We recommend that you upgrade your cyrus-imapd package.
MD5 checksums of the listed files are available in the original advisory.