Published: 22/05/2006 Updated: 20/07/2017

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 525

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote malicious users to execute arbitrary code via a long USER command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cyrus imapd 2.3.2

## # $Id: cyrus_pop3d_popsubfoldersrb 9179 2010-04-30 08:40:19Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/cor ...

#!/usr/bin/perl ## Creator: K-sPecial (xzziroznet) of aware (awarenetworkorg) ## Name: bid-18056pl ## Date: 08/12/2006 ## ## Description: this is yet another exploit for the cyrus pop3d buffer overflow I tried both public ## exploits and not either of them worked (not that they don't but coding my own is generaly faster ## and easier) so I ...

/* zeroday warez * !!! PRIVATE - DONT DISTRIBUTE - PRIVATE !!! ********************************************* * cyruspop3dc - cyrus pop3d remote exploit by kcope * tested on cyrus-imapd-232,linux * * bug found 23 Apr 2006 by kcope *-------------------------------------------- * * imapd/pop3dc line 1830 : * char userbuf[MAX_MAILBOX_NAME ...

NVD-CWE-Other http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0527.html http://www.securityfocus.com/bid/18056 http://securitytracker.com/id?1016131 http://www.vupen.com/english/advisories/2006/1891 https://exchange.xforce.ibmcloud.com/vulnerabilities/26578 https://nvd.nist.gov https://www.exploit-db.com/exploits/16836/

CVE-2006-2502

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect