Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1015

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1015
Last Modified 10 Sep 2008 03:28:37
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1015

Summary

Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.

Vulnerable Systems

Operating System

  • Redhat Fedora Core Core 2.0

  • Redhat Fedora Core Core 3.0

  • Ubuntu Linux 4.1

Application

  • Carnegie Mellon University Cyrus Imap Server 1.4

  • Carnegie Mellon University Cyrus Imap Server 1.5.19

  • Carnegie Mellon University Cyrus Imap Server 2.0.12

  • Carnegie Mellon University Cyrus Imap Server 2.0.16

  • Carnegie Mellon University Cyrus Imap Server 2.1.10

  • Carnegie Mellon University Cyrus Imap Server 2.1.16

  • Carnegie Mellon University Cyrus Imap Server 2.1.7

  • Carnegie Mellon University Cyrus Imap Server 2.1.9

  • Carnegie Mellon University Cyrus Imap Server 2.2.0 Alpha

  • Carnegie Mellon University Cyrus Imap Server 2.2.1 Beta

  • Carnegie Mellon University Cyrus Imap Server 2.2.2 Beta

  • Carnegie Mellon University Cyrus Imap Server 2.2.3

  • Carnegie Mellon University Cyrus Imap Server 2.2.4

  • Carnegie Mellon University Cyrus Imap Server 2.2.5

  • Carnegie Mellon University Cyrus Imap Server 2.2.6

  • Carnegie Mellon University Cyrus Imap Server 2.2.7

  • Carnegie Mellon University Cyrus Imap Server 2.2.8

  • Carnegie Mellon University Cyrus Imap Server 2.2.9


References

GENTOO - GLSA-200411-34

XF - cyrus-magic-plus-bo(18274)

CONFIRM - http://asg.web.cmu.edu/cyrus/download/imapd/changes.html

MANDRAKE - MDKSA-2004:139

MLIST - [cyrus-announce] 20041123 Cyrus IMAPd 2.2.10 Released


Last Updated: 27 May 2016 10:38:51