ID CVE-2006-2502
Summary Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
References
Vulnerable Configurations
  • cpe:2.3:a:cyrus:imapd:2.3.2
    cpe:2.3:a:cyrus:imapd:2.3.2
CVSS
Base: 5.1 (as of 22-05-2006 - 12:40)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3). CVE-2006-2502. Remote exploit for linux platform
    id EDB-ID:2185
    last seen 2016-01-31
    modified 2006-08-14
    published 2006-08-14
    reporter K-sPecial
    source https://www.exploit-db.com/download/2185/
    title Cyrus IMAPD 2.3.2 pop3d Remote Buffer Overflow Exploit 3
  • description Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit. CVE-2006-2502. Remote exploit for linux platform
    id EDB-ID:1813
    last seen 2016-01-31
    modified 2006-05-21
    published 2006-05-21
    reporter kingcope
    source https://www.exploit-db.com/download/1813/
    title Cyrus IMAPD 2.3.2 pop3d Remote Buffer Overflow Exploit
  • description Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow. CVE-2006-2502. Remote exploit for linux platform
    id EDB-ID:16836
    last seen 2016-02-02
    modified 2010-04-30
    published 2010-04-30
    reporter metasploit
    source https://www.exploit-db.com/download/16836/
    title Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
metasploit via4
description This exploit takes advantage of a stack based overflow. Once the stack corruption has occurred it is possible to overwrite a pointer which is later used for a memcpy. This gives us a write anything anywhere condition similar to a format string vulnerability. NOTE: The popsubfolders option is a non-default setting. I chose to overwrite the GOT with my shellcode and return to it. This defeats the VA random patch and possibly other stack protection features. Tested on gentoo-sources Linux 2.6.16. Although Fedora CORE 5 ships with a version containing the vulnerable code, it is not exploitable due to the use of the FORTIFY_SOURCE compiler enhancement
id MSF:EXPLOIT/LINUX/POP3/CYRUS_POP3D_POPSUBFOLDERS
last seen 2019-03-19
modified 2017-07-24
published 2009-12-15
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/pop3/cyrus_pop3d_popsubfolders.rb
title Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
packetstorm via4
data source https://packetstormsecurity.com/files/download/84584/cyrus_pop3d_popsubfolders.rb.txt
id PACKETSTORM:84584
last seen 2016-12-05
published 2009-12-31
reporter bannedit
source https://packetstormsecurity.com/files/84584/Cyrus-IMAPD-pop3d-popsubfolders-USER-Buffer-Overflow.html
title Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
refmap via4
bid 18056
fulldisc 20060521 Cyrus IMAPD pop3d remote compromise aka cyrusFUCK3d
sectrack 1016131
vupen ADV-2006-1891
xf cyrus-imap-pop3d-bo(26578)
saint via4
  • bid 18056
    description Cyrus IMAP pop3d popsubfolders buffer overflow
    id mail_pop_cyruspopsub
    osvdb 25853
    title cyrus_imap_pop3d_subfolders_rh
    type remote
  • bid 18056
    description Cyrus IMAP pop3d popsubfolders buffer overflow
    id mail_pop_cyruspopsub
    osvdb 25853
    title cyrus_imap_pop3d_subfolders
    type remote
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement Not vulnerable. This issue does not affect the versions of cyrus-imapd distributed with Red Hat Enterprise Linux.
Last major update 07-03-2011 - 21:36
Published 22-05-2006 - 12:06
Last modified 19-07-2017 - 21:31
Back to Top