Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.11196 |
Kategorie: | Gain a shell remotely |
Titel: | Cyrus IMAP pre-login buffer overflow |
Zusammenfassung: | According to its banner, the remote Cyrus IMAP; server is vulnerable to a pre-login buffer overrun. |
Beschreibung: | Summary: According to its banner, the remote Cyrus IMAP server is vulnerable to a pre-login buffer overrun. Vulnerability Impact: An attacker without a valid login could exploit this, and would be able to execute arbitrary commands as the owner of the Cyrus process. This would allow full access to all users' mailboxes. Solution: If possible, upgrade to an unaffected version. However, at the time of writing no official fix was available. There is a source patch against 2.1.10 in the referenced Bugtraq report. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
BugTraq ID: 6298 Common Vulnerability Exposure (CVE) ID: CVE-2002-1580 http://www.securityfocus.com/bid/6298 Bugtraq: 20021202 pre-login buffer overflow in Cyrus IMAP server (Google Search) http://www.securityfocus.com/archive/1/301864 CERT/CC vulnerability note: VU#740169 http://www.kb.cert.org/vuls/id/740169 Conectiva Linux advisory: 000557 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557 Conectiva Linux advisory: CLA-2002:557 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000557 Debian Security Information: DSA-215 (Google Search) http://www.debian.org/security/2002/dsa-215 XForce ISS Database: cyrus-imap-preauth-bo(10744) https://exchange.xforce.ibmcloud.com/vulnerabilities/10744 |
Copyright | This script is Copyright (C) 2002 Paul Johnston, Westpoint Ltd |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |