Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.11196
Kategorie:Gain a shell remotely
Titel:Cyrus IMAP pre-login buffer overflow
Zusammenfassung:According to its banner, the remote Cyrus IMAP; server is vulnerable to a pre-login buffer overrun.
Beschreibung:Summary:
According to its banner, the remote Cyrus IMAP
server is vulnerable to a pre-login buffer overrun.

Vulnerability Impact:
An attacker without a valid login could exploit this, and would be
able to execute arbitrary commands as the owner of the Cyrus
process. This would allow full access to all users' mailboxes.

Solution:
If possible, upgrade to an unaffected version. However, at
the time of writing no official fix was available. There is a source
patch against 2.1.10 in the referenced Bugtraq report.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: BugTraq ID: 6298
Common Vulnerability Exposure (CVE) ID: CVE-2002-1580
http://www.securityfocus.com/bid/6298
Bugtraq: 20021202 pre-login buffer overflow in Cyrus IMAP server (Google Search)
http://www.securityfocus.com/archive/1/301864
CERT/CC vulnerability note: VU#740169
http://www.kb.cert.org/vuls/id/740169
Conectiva Linux advisory: 000557
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557
Conectiva Linux advisory: CLA-2002:557
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000557
Debian Security Information: DSA-215 (Google Search)
http://www.debian.org/security/2002/dsa-215
XForce ISS Database: cyrus-imap-preauth-bo(10744)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10744
CopyrightThis script is Copyright (C) 2002 Paul Johnston, Westpoint Ltd

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.