CVE-2002-1580

Published: 14/06/2004 | Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote malicious users to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.

Vulnerable Product

carnegie mellon university cyrus imap server 2.0.12

carnegie mellon university cyrus imap server 2.0.16

carnegie mellon university cyrus imap server 2.1.10

carnegie mellon university cyrus imap server 2.1.9

carnegie mellon university cyrus imap server 1.4

carnegie mellon university cyrus imap server 1.5.19

Vendor Advisories

Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server, which could be exploited by a remote attacker prior to logging in. A malicious user could craft a request to run commands on the server under the UID and GID of the cyrus server. For the current stable distribution (woody) this problem has been fixed in version 1.5.19-9.1. For the ...

Exploits

source: www.securityfocus.com/bid/6298/info. Cyrus IMAPD is a freely available, open source Interactive Mail Access Protocol (IMAP) daemon. It is available for Unix and Linux operating systems. It has been reported that Cyrus IMAPD does not sufficiently handle overly long strings. In some cases, when a user connects to the daemon, and upon ...