USN-87-1: Cyrus IMAP server vulnerability

28 February 2005

cyrus21-imapd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

Sean Larsson discovered a buffer overflow in the IMAP “annotate” extension. This possibly allowed an authenticated IMAP client to execute arbitrary code with the privileges of the Cyrus IMAP server.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
cyrus21-imapd

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References