Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2004-1013
Last Modified 10 Sep 2008 03:28:37
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1013

Summary

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p" that cause an index increment error that leads to an out-of-bounds memory corruption.

Vulnerable Systems

Operating System

  • Conectiva Linux 10.0

  • Conectiva Linux 9.0

  • Redhat Fedora Core 2.0

  • Redhat Fedora Core 3.0

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

  • Trustix Secure Linux 2.2

  • Ubuntu Linux 4.1

Application

  • Carnegie Mellon University Cyrus Imap Server 2.1.10

  • Carnegie Mellon University Cyrus Imap Server 2.1.16

  • Carnegie Mellon University Cyrus Imap Server 2.1.7

  • Carnegie Mellon University Cyrus Imap Server 2.1.9

  • Carnegie Mellon University Cyrus Imap Server 2.2.0 Alpha

  • Carnegie Mellon University Cyrus Imap Server 2.2.1 Beta

  • Carnegie Mellon University Cyrus Imap Server 2.2.2 Beta

  • Carnegie Mellon University Cyrus Imap Server 2.2.3

  • Carnegie Mellon University Cyrus Imap Server 2.2.4

  • Carnegie Mellon University Cyrus Imap Server 2.2.5

  • Carnegie Mellon University Cyrus Imap Server 2.2.6

  • Carnegie Mellon University Cyrus Imap Server 2.2.7

  • Carnegie Mellon University Cyrus Imap Server 2.2.8

  • Openpkg Current


References

DEBIAN - DSA-597

GENTOO - GLSA-200411-34

MISC - http://security.e-matters.de/advisories/152004.html

SECUNIA - 13274

BUGTRAQ - 20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities

CONFIRM - http://asg.web.cmu.edu/cyrus/download/imapd/changes.html

MANDRAKE - MDKSA-2004:139

UBUNTU - USN-31-1

MLIST - [cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released


Last Updated: 27 May 2016 10:38:51