Stefan Esser discovered several buffer overflows in the Cyrus IMAP server. Due to insufficient checking within the argument parser of the “partial” and “fetch” commands, an argument like “body[p” was detected as “body.peek”. This could cause a buffer overflow which could be exploited to execute arbitrary attacker-supplied code.
This update also fixes an exploitable buffer overflow that could be triggered in situations when memory allocation fails (i. e. when no free memory is available any more).
24 November 2004
A security issue affects these releases of Ubuntu and its derivatives:
Stefan Esser discovered several buffer overflows in the Cyrus IMAP server. Due to insufficient checking within the argument parser of the “partial” and “fetch” commands, an argument like “body[p” was detected as “body.peek”. This could cause a buffer overflow which could be exploited to execute arbitrary attacker-supplied code.
This update also fixes an exploitable buffer overflow that could be triggered in situations when memory allocation fails (i. e. when no free memory is available any more).
Both vulnerabilities can lead to privilege escalation to root.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Vulmon