Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1067

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1067
Last Modified 05 Sep 2008 04:40:14
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1067

Summary

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.

Vulnerable Systems

Operating System

  • Redhat Fedora Core Core 2.0

  • Redhat Fedora Core Core 3.0

  • Ubuntu Linux 4.1

Application

  • Carnegie Mellon University Cyrus Imap Server 1.4

  • Carnegie Mellon University Cyrus Imap Server 1.5.19

  • Carnegie Mellon University Cyrus Imap Server 2.0.12

  • Carnegie Mellon University Cyrus Imap Server 2.0.16

  • Carnegie Mellon University Cyrus Imap Server 2.1.10

  • Carnegie Mellon University Cyrus Imap Server 2.1.16

  • Carnegie Mellon University Cyrus Imap Server 2.1.7

  • Carnegie Mellon University Cyrus Imap Server 2.1.9

  • Carnegie Mellon University Cyrus Imap Server 2.2.0 Alpha

  • Carnegie Mellon University Cyrus Imap Server 2.2.1 Beta

  • Carnegie Mellon University Cyrus Imap Server 2.2.2 Beta

  • Carnegie Mellon University Cyrus Imap Server 2.2.3

  • Carnegie Mellon University Cyrus Imap Server 2.2.4

  • Carnegie Mellon University Cyrus Imap Server 2.2.5

  • Carnegie Mellon University Cyrus Imap Server 2.2.6

  • Carnegie Mellon University Cyrus Imap Server 2.2.7

  • Carnegie Mellon University Cyrus Imap Server 2.2.8

  • Carnegie Mellon University Cyrus Imap Server 2.2.9


References

BID - 11738

XF - cyrus-mysaslcanonuser-offbyone-bo(18333)

CONFIRM - http://asg.web.cmu.edu/cyrus/download/imapd/changes.html

UBUNTU - USN-37-1


Last Updated: 27 May 2016 10:38:52