NASLDB: cyrus-imsp abook_dbname buffer overflow
General
ID: 11953
Name: cyrus-imsp abook_dbname buffer overflow
Summary: cyrus-imsp abook_dbname buffer overflow
Credits: –
Classification
Risk: High
CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –
Port: 406
Family: Gain root remotely
Type: –
Description
The remote host is running a version of cyrus-imsp (Internet Message Support
Protocol) which has a buffer overflow bug.
An attacker could exploit this bug to execute arbitrary code on this system
with the privileges of the root user.
The overflow occurs when the user issues a too long argument as his name,
causing an overflow in the abook_dbname function command.
Risk factor : High
Solution : Upgrade cyrus-imsp server to version version 1.6a4 or 1.7a
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: –
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: –
Plugin
Version: 1.1
Filename: cyrus_imsp_overflow.nasl
Filesize: 1921 bytes
MD5 Hash: 39e4d4ef550cc0ff60fdd4b79a4ee42c
Identification: Services/imsp
Require Keys: –
Dependencies: "find_service.nes"
Copyright: This script is Copyright© 2003 Noam Rathaus
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack