Cyrus IMAP pop3d popsubfolders buffer overflow

Added: 10/30/2008
CVE: CVE-2006-2502
BID: 18056
OSVDB: 25853
Cyrus IMAP is an open-source IMAP, POP3, and KPOP server. The popsubfolders configuration option allows POP3 users to access subfolders by specifying the subfolder name when logging in.
When the popsubfolders configuration option is enabled, a buffer overflow in the handling of the POP3 USER command allows remote attackers to execute arbitrary commands.

Upgrade to Cyrus IMAP 2.3.4 or higher.
The exploit works against Cyrus IMAP 2.3.2 on Red Hat Enterprise Linux 4 when POP3 is enabled and the popsubfolders configuration setting is turned on.

For the exploit to succeed, the pop3d binary must run with an executable stack (code execution on the stack must not be blocked).

Red Hat