Signature Detail

IMAP: Cyrus IMAP Server Pre-Login Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Cyrus IMAPd. Cyrus IMAPd versions 1.4 through 2.1.10 are vulnerable. A successful attack can allow the attacker to overflow the buffer prior to authentication, permitting arbitrary code execution and compromising the system.

Extended Description

A memory corruption vulnerability has been discovered in SASL when generating logs files. It has been reported that under some circumstances SASL fails to allocate sufficient memory for string used in log entries. By causing Cyrus to generate a malicious log it may be possible for an attacker to corrupt memory. This could potentially be exploited to overwrite the LSB of a sensitive variable or possibly cause inaccurate logs to be created. It should be noted that although this vulnerability was discovered in Cyrus, it may also affect other programs that utilize the SASL library.

Affected Products

• Apple Mac OS X 10.0.0
• Apple Mac OS X 10.0.0 3
• Apple Mac OS X 10.0.1
• Apple Mac OS X 10.0.2
• Apple Mac OS X 10.0.3
• Apple Mac OS X 10.0.4
• Apple Mac OS X 10.1.0
• Apple Mac OS X 10.1.1
• Apple Mac OS X 10.1.2
• Apple Mac OS X 10.1.3
• Apple Mac OS X 10.1.4
• Apple Mac OS X 10.1.5
• Apple Mac OS X 10.2.0
• Apple Mac OS X 10.2.1
• Apple Mac OS X 10.2.2
• Apple Mac OS X 10.2.3
• Apple Mac OS X 10.2.4
• Apple Mac OS X 10.2.5
• Apple Mac OS X 10.2.6
• Apple Mac OS X 10.2.7
• Apple Mac OS X 10.2.8
• Apple Mac OS X 10.3.0
• Apple Mac OS X 10.3.1
• Apple Mac OS X 10.3.2
• Apple Mac OS X 10.3.3
• Apple Mac OS X 10.3.4
• Apple Mac OS X 10.3.5
• Apple Mac OS X 10.3.6
• Apple Mac OS X 10.3.7
• Apple Mac OS X 10.3.8
• Apple Mac OS X Server 10.0.0
• Apple Mac OS X Server 10.1.0
• Apple Mac OS X Server 10.1.1
• Apple Mac OS X Server 10.1.2
• Apple Mac OS X Server 10.1.3
• Apple Mac OS X Server 10.1.4
• Apple Mac OS X Server 10.1.5
• Apple Mac OS X Server 10.2.0
• Apple Mac OS X Server 10.2.1
• Apple Mac OS X Server 10.2.2
• Apple Mac OS X Server 10.2.3
• Apple Mac OS X Server 10.2.4
• Apple Mac OS X Server 10.2.5
• Apple Mac OS X Server 10.2.6
• Apple Mac OS X Server 10.2.7
• Apple Mac OS X Server 10.2.8
• Apple Mac OS X Server 10.3.0
• Apple Mac OS X Server 10.3.1
• Apple Mac OS X Server 10.3.2
• Apple Mac OS X Server 10.3.3
• Apple Mac OS X Server 10.3.4
• Apple Mac OS X Server 10.3.5
• Apple Mac OS X Server 10.3.6
• Apple Mac OS X Server 10.3.7
• Apple Mac OS X Server 10.3.8
• Cyrus-Utils SASL 2.1.9

References

• BugTraq: 6349
• CVE: CVE-2002-1347
• URL: http://www.security.nnov.ru/search/document.asp?docid=3828
• URL: http://www.debian.org/security/2002/dsa-215
• URL: http://www.ciac.org/ciac/bulletins/p-156.shtml