Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1011

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1011
Last Modified 10 Sep 2008 03:28:37
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1011

Summary

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

Vulnerable Systems

Operating System

  • Conectiva Linux 10.0

  • Conectiva Linux 9.0

  • Redhat Fedora Core Core 2.0

  • Redhat Fedora Core Core 3.0

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

  • Trustix Secure Linux 2.2

  • Ubuntu Linux 4.1

Application

  • Carnegie Mellon University Cyrus Imap Server 2.1.10

  • Carnegie Mellon University Cyrus Imap Server 2.1.16

  • Carnegie Mellon University Cyrus Imap Server 2.1.7

  • Carnegie Mellon University Cyrus Imap Server 2.1.9

  • Carnegie Mellon University Cyrus Imap Server 2.2.0 Alpha

  • Carnegie Mellon University Cyrus Imap Server 2.2.1 Beta

  • Carnegie Mellon University Cyrus Imap Server 2.2.2 Beta

  • Carnegie Mellon University Cyrus Imap Server 2.2.3

  • Carnegie Mellon University Cyrus Imap Server 2.2.4

  • Carnegie Mellon University Cyrus Imap Server 2.2.5

  • Carnegie Mellon University Cyrus Imap Server 2.2.6

  • Carnegie Mellon University Cyrus Imap Server 2.2.7

  • Carnegie Mellon University Cyrus Imap Server 2.2.8

  • Openpkg Current


References

XF - cyrus-imap-username-bo(18198)

GENTOO - GLSA-200411-34

MISC - http://security.e-matters.de/advisories/152004.html

SECUNIA - 13274

BUGTRAQ - 20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities

CONFIRM - http://asg.web.cmu.edu/cyrus/download/imapd/changes.html

MANDRAKE - MDKSA-2004:139

MLIST - [cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released


Last Updated: 27 May 2016 10:38:51