Cyrus IMAP pop3d popsubfolders buffer overflow
Added: 06/12/2006
CVE: CVE-2006-2502
BID: 18056
OSVDB: 25853
Background
Cyrus IMAP is an open-source IMAP, POP3, and KPOP server. The popsubfolders configuration option allows POP3 users to access subfolders by specifying the subfolder name when logging in.
Problem
When the popsubfolders configuration option is enabled, a buffer overflow in the USER command allows remote attackers to execute arbitrary commands.
Resolution
Upgrade to Cyrus IMAP 2.3.4 or higher.
References
http://www.frsirt.com/english/advisories/2006/1891
Limitations
Exploit works on Cyrus IMAP 2.3 through 2.3.3 if POP3 is enabled with the popsubfolders configuration setting.
Platforms
Linux
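The affected condition stated under Limitations can be checked on a host with the script below, an added example that is not part of the original advisory or of the Cyrus project. It assumes the caller supplies the installed version string and the contents of imapd.conf, uses the boolean spellings that imapd.conf accepts, and does not check whether the POP3 service itself is enabled.

```python
import re

# Spellings that imapd.conf treats as "on" for boolean options.
TRUE_VALUES = {"yes", "on", "t", "true", "1"}
FIRST_AFFECTED = (2, 3, 0)  # advisory: 2.3 through 2.3.3
FIXED = (2, 3, 4)           # advisory: upgrade to 2.3.4 or higher


def parse_version(text):
    """Return (major, minor, patch) from e.g. '2.3.3' or 'v2.3.1-pkg'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def popsubfolders_enabled(conf_text):
    """True if any non-comment 'popsubfolders:' line carries a true value.

    Treating any enabled occurrence as enabled is a conservative choice
    made for this example.
    """
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "popsubfolders":
            if value.strip().lower() in TRUE_VALUES:
                return True
    return False


def exposed(version_text, conf_text):
    """True when the version is in the affected range and the option is on."""
    version = parse_version(version_text)
    return FIRST_AFFECTED <= version < FIXED and popsubfolders_enabled(conf_text)


# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
configdirectory: /var/lib/imap
#popsubfolders: no
popsubfolders: yes
"""

if __name__ == "__main__":
    for ver in ("2.3.3", "2.3.4"):
        print(ver, "exposed" if exposed(ver, SAMPLE_CONF) else "not exposed")
```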