Vulnerability Name:

CVE-2006-2502 (CCN-26578)

Assigned:2006-05-21
Published:2006-05-21
Updated:2017-07-20
Summary:Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Sun May 21 2006 - 06:52:05 CDT
Cyrus IMAPD pop3d remote compromise aka cyrusFUCK3d

Source: FULLDISC
Type: Exploit
20060521 Cyrus IMAPD pop3d remote compromise aka cyrusFUCK3d

Source: CCN
Type: Project Cyrus Web page
Project Cyrus

Source: MITRE
Type: CNA
CVE-2006-2502

Source: CCN
Type: SECTRACK ID: 1016131
Cyrus IMAP Server POP3 Server `popsubfolders` Buffer Overflow in USER Command Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016131

Source: CCN
Type: OSVDB ID: 25853
Cyrus IMAPD pop3d USER Command Remote Overflow

Source: BID
Type: Exploit
18056

Source: CCN
Type: BID-18056
Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-1891

Source: XF
Type: UNKNOWN
cyrus-imap-pop3d-bo(26578)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cyrus:imapd:2.3.2:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:cmu:cyrus_imap_server:2.3.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cyrus imapd 2.3.2
    cmu cyrus imap server 2.3.2