Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an update is strongly recommended.
There is no temporary workaround except shutting down the IMAP server.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.2 | i586 | cyrus-imapd | < 2.2.8-6.3 | cyrus-imapd-2.2.8-6.3.i586.rpm |
openSUSE | 9.1 | i586 | cyrus-imapd | < 2.2.3-83.19 | cyrus-imapd-2.2.3-83.19.i586.rpm |
openSUSE | 8.1 | i586 | cyrus-imapd | < 2.1.16-56 | cyrus-imapd-2.1.16-56.i586.rpm |
openSUSE | 9.0 | x86_64 | cyrus-imapd | < 2.1.15-89 | cyrus-imapd-2.1.15-89.x86_64.rpm |
openSUSE | 9.1 | x86_64 | cyrus-imapd | < 2.2.3-83.19 | cyrus-imapd-2.2.3-83.19.x86_64.rpm |
openSUSE | 8.2 | i586 | cyrus-imapd | < 2.1.12-75 | cyrus-imapd-2.1.12-75.i586.rpm |
openSUSE | 9.0 | i586 | cyrus-imapd | < 2.1.15-89 | cyrus-imapd-2.1.15-89.i586.rpm |
openSUSE | 9.2 | x86_64 | cyrus-imapd | < 2.2.8-6.3 | cyrus-imapd-2.2.8-6.3.x86_64.rpm |