Cyrus IMAP LOGIN exploit v1.9 Vulnerability exploited: CAN-2004-1011 - BID-11729 Category: Exploits/Remote This module exploits a buffer overflow and installs a level0 agent into the target host. When the option imapmagicplus is activated on a Cyrus IMAP server the PROXY and LOGIN commands suffer a standard stack overflow, because the username is not checked against a maximum length when it is copied into a temporary stack buffer. This bug is exploited by this module to install a level0 agent.Cyrus 2.2.8 and prior are vulnerable. Supported Systems: RedHat Linux 8 (i386) RedHat Linux 9 (i386) Debian Linux 3 (i386) This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.