Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 IMAP:VULN:CYRUS-2-1-11

Severity

 Info

Recommended

 No

Category

 IMAP

Keywords

 Vulnerable Cyrus Version ( < 2.2.11)

Release Date

 2005/02/16

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

IMAP: Vulnerable Cyrus Version ( < 2.2.11)


This signature detects Cyrus IMAP Server versions earlier than 2.2.11, which contain buffer overflow vulnerabilities. Attackers can execute malicious code on a remote Cyrus IMAP server.

Extended Description

A memory corruption vulnerability has been discovered in SASL when generating logs files. It has been reported that under some circumstances SASL fails to allocate sufficient memory for string used in log entries. By causing Cyrus to generate a malicious log it may be possible for an attacker to corrupt memory. This could potentially be exploited to overwrite the LSB of a sensitive variable or possibly cause inaccurate logs to be created. It should be noted that although this vulnerability was discovered in Cyrus, it may also affect other programs that utilize the SASL library.

Affected Products

  • Apple Mac OS X 10.0.0
  • Apple Mac OS X 10.0.0 3
  • Apple Mac OS X 10.0.1
  • Apple Mac OS X 10.0.2
  • Apple Mac OS X 10.0.3
  • Apple Mac OS X 10.0.4
  • Apple Mac OS X 10.1.0
  • Apple Mac OS X 10.1.1
  • Apple Mac OS X 10.1.2
  • Apple Mac OS X 10.1.3
  • Apple Mac OS X 10.1.4
  • Apple Mac OS X 10.1.5
  • Apple Mac OS X 10.2.0
  • Apple Mac OS X 10.2.1
  • Apple Mac OS X 10.2.2
  • Apple Mac OS X 10.2.3
  • Apple Mac OS X 10.2.4
  • Apple Mac OS X 10.2.5
  • Apple Mac OS X 10.2.6
  • Apple Mac OS X 10.2.7
  • Apple Mac OS X 10.2.8
  • Apple Mac OS X 10.3.0
  • Apple Mac OS X 10.3.1
  • Apple Mac OS X 10.3.2
  • Apple Mac OS X 10.3.3
  • Apple Mac OS X 10.3.4
  • Apple Mac OS X 10.3.5
  • Apple Mac OS X 10.3.6
  • Apple Mac OS X 10.3.7
  • Apple Mac OS X 10.3.8
  • Apple Mac OS X Server 10.0.0
  • Apple Mac OS X Server 10.1.0
  • Apple Mac OS X Server 10.1.1
  • Apple Mac OS X Server 10.1.2
  • Apple Mac OS X Server 10.1.3
  • Apple Mac OS X Server 10.1.4
  • Apple Mac OS X Server 10.1.5
  • Apple Mac OS X Server 10.2.0
  • Apple Mac OS X Server 10.2.1
  • Apple Mac OS X Server 10.2.2
  • Apple Mac OS X Server 10.2.3
  • Apple Mac OS X Server 10.2.4
  • Apple Mac OS X Server 10.2.5
  • Apple Mac OS X Server 10.2.6
  • Apple Mac OS X Server 10.2.7
  • Apple Mac OS X Server 10.2.8
  • Apple Mac OS X Server 10.3.0
  • Apple Mac OS X Server 10.3.1
  • Apple Mac OS X Server 10.3.2
  • Apple Mac OS X Server 10.3.3
  • Apple Mac OS X Server 10.3.4
  • Apple Mac OS X Server 10.3.5
  • Apple Mac OS X Server 10.3.6
  • Apple Mac OS X Server 10.3.7
  • Apple Mac OS X Server 10.3.8
  • Cyrus-Utils SASL 2.1.9

References

  • BugTraq: 6349
  • CVE: CVE-2002-1347
  • URL: http://online.securityfocus.com/archive/1/301864
  • URL: http://www.debian.org/security/2002/dsa-215
  • URL: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000557

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out