Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2005-01-10 05:00

Modified

2024-11-20 23:49

Severity ?

Summary

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

References

▼	URL	Tags
	cve@mitre.org	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
	cve@mitre.org	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
	cve@mitre.org	http://marc.info/?l=bugtraq&m=110123023521619&w=2
	cve@mitre.org	http://secunia.com/advisories/13274/
	cve@mitre.org	http://security.e-matters.de/advisories/152004.html
	cve@mitre.org	http://security.gentoo.org/glsa/glsa-200411-34.xml
	cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/18198
	af854a3a-2127-422b-91ae-364da2661108	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
	af854a3a-2127-422b-91ae-364da2661108	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=110123023521619&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/13274/
	af854a3a-2127-422b-91ae-364da2661108	http://security.e-matters.de/advisories/152004.html
	af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200411-34.xml
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/18198

Impacted products

Vendor	Product	Version
carnegie_mellon_university	cyrus_imap_server	2.1.7
carnegie_mellon_university	cyrus_imap_server	2.1.9
carnegie_mellon_university	cyrus_imap_server	2.1.10
carnegie_mellon_university	cyrus_imap_server	2.1.16
carnegie_mellon_university	cyrus_imap_server	2.2.0_alpha
carnegie_mellon_university	cyrus_imap_server	2.2.1_beta
carnegie_mellon_university	cyrus_imap_server	2.2.2_beta
carnegie_mellon_university	cyrus_imap_server	2.2.3
carnegie_mellon_university	cyrus_imap_server	2.2.4
carnegie_mellon_university	cyrus_imap_server	2.2.5
carnegie_mellon_university	cyrus_imap_server	2.2.6
carnegie_mellon_university	cyrus_imap_server	2.2.7
carnegie_mellon_university	cyrus_imap_server	2.2.8
openpkg	openpkg	current
conectiva	linux	9.0
conectiva	linux	10.0
redhat	fedora_core	core_2.0
redhat	fedora_core	core_3.0
trustix	secure_linux	2.0
trustix	secure_linux	2.1
trustix	secure_linux	2.2
ubuntu	ubuntu_linux	4.1
ubuntu	ubuntu_linux	4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7077ABB3-CD11-4E1C-9E34-8EC94C1101F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC21C9C1-C8A2-4879-A604-E1192438A847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF89521-977F-425A-BC5B-9D6F2F778125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FC7757-3A91-4E49-92C4-603A403BF7F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D17A195-4E9E-49C8-878D-D64CB6DB175F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "56A72779-D978-40E4-B2E6-BA7DB94B1FAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D1923E-96B6-46F6-8E30-3831CA047C7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2BDC99-FA96-4520-9485-F091F0DD4F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7DA2ED-7300-4736-BE05-8B6DE2CD71C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA0C525-DC15-4C9E-BD7E-967BEF3AED9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD50BC1E-6793-44EE-B563-B1095BD710C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA911A6-2192-42F0-9E60-171B221241C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC4475B5-443F-4ECD-B095-4D84F9D5F96D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
              "matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4007B0D-9606-46BD-866A-7911BEA292BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A35FC777-A34E-4C7B-9E93-8F17F3AD5180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB70F82-52BB-4D0D-9A24-9AF67278466D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015."
    },
    {
      "lang": "es",
      "value": "Desbordamiento basado en la pila en Cyrus IMAP Server 2.2.4 a 2.2.8, con la opci\u00f3n imapmagicplus establecida, permite a atacantes remotos ejecuta c\u00f3digo de su elecci\u00f3n mediante un comando PROXY o LOGIN largo, una vulnerabilidad distinta de CAN-2004-1015."
    }
  ],
  "id": "CVE-2004-1011",
  "lastModified": "2024-11-20T23:49:54.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-01-10T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/13274/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.e-matters.de/advisories/152004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/13274/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.e-matters.de/advisories/152004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18198"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-01-10 05:00

Modified

2024-11-20 23:49

Severity ?

Summary

Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.

References

URL	Tags
cve@mitre.org	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145
cve@mitre.org	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200411-34.xml	Patch, Vendor Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/18274
af854a3a-2127-422b-91ae-364da2661108	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145
af854a3a-2127-422b-91ae-364da2661108	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200411-34.xml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/18274

Impacted products

Vendor	Product	Version
carnegie_mellon_university	cyrus_imap_server	1.4
carnegie_mellon_university	cyrus_imap_server	1.5.19
carnegie_mellon_university	cyrus_imap_server	2.0.12
carnegie_mellon_university	cyrus_imap_server	2.0.16
carnegie_mellon_university	cyrus_imap_server	2.1.7
carnegie_mellon_university	cyrus_imap_server	2.1.9
carnegie_mellon_university	cyrus_imap_server	2.1.10
carnegie_mellon_university	cyrus_imap_server	2.1.16
carnegie_mellon_university	cyrus_imap_server	2.2.0_alpha
carnegie_mellon_university	cyrus_imap_server	2.2.1_beta
carnegie_mellon_university	cyrus_imap_server	2.2.2_beta
carnegie_mellon_university	cyrus_imap_server	2.2.3
carnegie_mellon_university	cyrus_imap_server	2.2.4
carnegie_mellon_university	cyrus_imap_server	2.2.5
carnegie_mellon_university	cyrus_imap_server	2.2.6
carnegie_mellon_university	cyrus_imap_server	2.2.7
carnegie_mellon_university	cyrus_imap_server	2.2.8
carnegie_mellon_university	cyrus_imap_server	2.2.9
redhat	fedora_core	core_2.0
redhat	fedora_core	core_3.0
ubuntu	ubuntu_linux	4.1
ubuntu	ubuntu_linux	4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B7EED3-88ED-4959-9B0D-4593F82B482C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:1.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9651929E-7E3D-4967-B4EC-BC1D87386A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03A2FFF-D736-436F-AB01-952C90CC88A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "686E6850-2FFB-4A83-9BBB-9C4FB456294E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7077ABB3-CD11-4E1C-9E34-8EC94C1101F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC21C9C1-C8A2-4879-A604-E1192438A847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF89521-977F-425A-BC5B-9D6F2F778125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FC7757-3A91-4E49-92C4-603A403BF7F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D17A195-4E9E-49C8-878D-D64CB6DB175F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "56A72779-D978-40E4-B2E6-BA7DB94B1FAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D1923E-96B6-46F6-8E30-3831CA047C7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2BDC99-FA96-4520-9485-F091F0DD4F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7DA2ED-7300-4736-BE05-8B6DE2CD71C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA0C525-DC15-4C9E-BD7E-967BEF3AED9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD50BC1E-6793-44EE-B563-B1095BD710C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA911A6-2192-42F0-9E60-171B221241C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC4475B5-443F-4ECD-B095-4D84F9D5F96D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "941DD616-2910-4B61-89E5-5DDAE8E930A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en proxyd de Cyrus IMAP Server 2.2.9 y anteriores, con la opci\u00f3n imapmagicplus establecida, puede permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n, una vulnerabilidad distinta de CAN-2004-1011."
    }
  ],
  "id": "CVE-2004-1015",
  "lastModified": "2024-11-20T23:49:54.623",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-01-10T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=145"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18274"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-01-10 05:00

Modified

2024-11-20 23:50

Severity ?

Summary

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.

References

URL	Tags
cve@mitre.org	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
cve@mitre.org	http://www.securityfocus.com/bid/11738	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/18333
cve@mitre.org	https://www.ubuntu.com/usn/usn-37-1/
af854a3a-2127-422b-91ae-364da2661108	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11738	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/18333
af854a3a-2127-422b-91ae-364da2661108	https://www.ubuntu.com/usn/usn-37-1/

Impacted products

Vendor	Product	Version
carnegie_mellon_university	cyrus_imap_server	1.4
carnegie_mellon_university	cyrus_imap_server	1.5.19
carnegie_mellon_university	cyrus_imap_server	2.0.12
carnegie_mellon_university	cyrus_imap_server	2.0.16
carnegie_mellon_university	cyrus_imap_server	2.1.7
carnegie_mellon_university	cyrus_imap_server	2.1.9
carnegie_mellon_university	cyrus_imap_server	2.1.10
carnegie_mellon_university	cyrus_imap_server	2.1.16
carnegie_mellon_university	cyrus_imap_server	2.2.0_alpha
carnegie_mellon_university	cyrus_imap_server	2.2.1_beta
carnegie_mellon_university	cyrus_imap_server	2.2.2_beta
carnegie_mellon_university	cyrus_imap_server	2.2.3
carnegie_mellon_university	cyrus_imap_server	2.2.4
carnegie_mellon_university	cyrus_imap_server	2.2.5
carnegie_mellon_university	cyrus_imap_server	2.2.6
carnegie_mellon_university	cyrus_imap_server	2.2.7
carnegie_mellon_university	cyrus_imap_server	2.2.8
carnegie_mellon_university	cyrus_imap_server	2.2.9
redhat	fedora_core	core_2.0
redhat	fedora_core	core_3.0
ubuntu	ubuntu_linux	4.1
ubuntu	ubuntu_linux	4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B7EED3-88ED-4959-9B0D-4593F82B482C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:1.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9651929E-7E3D-4967-B4EC-BC1D87386A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03A2FFF-D736-436F-AB01-952C90CC88A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "686E6850-2FFB-4A83-9BBB-9C4FB456294E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7077ABB3-CD11-4E1C-9E34-8EC94C1101F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC21C9C1-C8A2-4879-A604-E1192438A847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF89521-977F-425A-BC5B-9D6F2F778125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FC7757-3A91-4E49-92C4-603A403BF7F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D17A195-4E9E-49C8-878D-D64CB6DB175F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "56A72779-D978-40E4-B2E6-BA7DB94B1FAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D1923E-96B6-46F6-8E30-3831CA047C7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2BDC99-FA96-4520-9485-F091F0DD4F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7DA2ED-7300-4736-BE05-8B6DE2CD71C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA0C525-DC15-4C9E-BD7E-967BEF3AED9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD50BC1E-6793-44EE-B563-B1095BD710C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA911A6-2192-42F0-9E60-171B221241C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC4475B5-443F-4ECD-B095-4D84F9D5F96D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "941DD616-2910-4B61-89E5-5DDAE8E930A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username."
    },
    {
      "lang": "es",
      "value": "Error de fuera-por-uno en la funci\u00f3n myasl_canon_user en Cyrus IMAP Server 2.2.9 y anteriores conduce a un desbordamiento de b\u00fafer, lo que puede permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante el nombre de usuario."
    }
  ],
  "id": "CVE-2004-1067",
  "lastModified": "2024-11-20T23:50:00.953",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-01-10T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11738"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18333"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.ubuntu.com/usn/usn-37-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.ubuntu.com/usn/usn-37-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2001-08-30 04:00

Modified

2024-11-20 23:37

Severity ?

Summary

Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/archive/1/211056	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/3260	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/7053
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/211056	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/3260	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/7053

Impacted products

Vendor	Product	Version
carnegie_mellon_university	cyrus_imap_server	1.6.24
carnegie_mellon_university	cyrus_imap_server	2.0.15
carnegie_mellon_university	cyrus_imap_server	2.0.16
bsdi	bsd_os	4.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:1.6.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "26C5549E-B9DC-4704-90C7-B32E84055AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "65421EE4-CD45-4C99-83A4-E8F17D6B8291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "686E6850-2FFB-4A83-9BBB-9C4FB456294E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bsdi:bsd_os:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7267B83B-1DC7-4A38-9338-B3BC3B2ECD74",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients."
    }
  ],
  "id": "CVE-2001-1154",
  "lastModified": "2024-11-20T23:37:01.077",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-08-30T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/211056"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3260"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/211056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7053"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-01-10 05:00

Modified

2024-11-20 23:49

Severity ?

Summary

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.

References

URL	Tags
cve@mitre.org	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
cve@mitre.org	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=110123023521619&w=2
cve@mitre.org	http://secunia.com/advisories/13274/
cve@mitre.org	http://security.e-matters.de/advisories/152004.html
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200411-34.xml
cve@mitre.org	http://www.debian.org/security/2004/dsa-597	Patch, Vendor Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
cve@mitre.org	https://www.ubuntu.com/usn/usn-31-1/
af854a3a-2127-422b-91ae-364da2661108	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
af854a3a-2127-422b-91ae-364da2661108	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=110123023521619&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/13274/
af854a3a-2127-422b-91ae-364da2661108	http://security.e-matters.de/advisories/152004.html
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200411-34.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2004/dsa-597	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
af854a3a-2127-422b-91ae-364da2661108	https://www.ubuntu.com/usn/usn-31-1/

Impacted products

Vendor	Product	Version
carnegie_mellon_university	cyrus_imap_server	2.1.7
carnegie_mellon_university	cyrus_imap_server	2.1.9
carnegie_mellon_university	cyrus_imap_server	2.1.10
carnegie_mellon_university	cyrus_imap_server	2.1.16
carnegie_mellon_university	cyrus_imap_server	2.2.0_alpha
carnegie_mellon_university	cyrus_imap_server	2.2.1_beta
carnegie_mellon_university	cyrus_imap_server	2.2.2_beta
carnegie_mellon_university	cyrus_imap_server	2.2.3
carnegie_mellon_university	cyrus_imap_server	2.2.4
carnegie_mellon_university	cyrus_imap_server	2.2.5
carnegie_mellon_university	cyrus_imap_server	2.2.6
carnegie_mellon_university	cyrus_imap_server	2.2.7
carnegie_mellon_university	cyrus_imap_server	2.2.8
openpkg	openpkg	current
conectiva	linux	9.0
conectiva	linux	10.0
redhat	fedora_core	core_2.0
redhat	fedora_core	core_3.0
trustix	secure_linux	2.0
trustix	secure_linux	2.1
trustix	secure_linux	2.2
ubuntu	ubuntu_linux	4.1
ubuntu	ubuntu_linux	4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7077ABB3-CD11-4E1C-9E34-8EC94C1101F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC21C9C1-C8A2-4879-A604-E1192438A847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF89521-977F-425A-BC5B-9D6F2F778125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FC7757-3A91-4E49-92C4-603A403BF7F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D17A195-4E9E-49C8-878D-D64CB6DB175F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "56A72779-D978-40E4-B2E6-BA7DB94B1FAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D1923E-96B6-46F6-8E30-3831CA047C7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2BDC99-FA96-4520-9485-F091F0DD4F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7DA2ED-7300-4736-BE05-8B6DE2CD71C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA0C525-DC15-4C9E-BD7E-967BEF3AED9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD50BC1E-6793-44EE-B563-B1095BD710C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA911A6-2192-42F0-9E60-171B221241C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC4475B5-443F-4ECD-B095-4D84F9D5F96D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
              "matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4007B0D-9606-46BD-866A-7911BEA292BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A35FC777-A34E-4C7B-9E93-8F17F3AD5180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB70F82-52BB-4D0D-9A24-9AF67278466D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) \"body[p\", (2) \"binary[p\", or (3) \"binary[p\") that cause an index increment error that leads to an out-of-bounds memory corruption."
    },
    {
      "lang": "es",
      "value": "El procesador de argumentos de la orden FETCH de Cyrus IMAP Server 2.2.x a 2.2.8 permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante ciertos comandos como (1) \"body[p\", (2) \"binary[p\", o (3) \"binary[p\" que producen un error de incremento de \u00edndice que conduce a una corrupci\u00f3n de memoria fuera de l\u00edmites."
    }
  ],
  "id": "CVE-2004-1013",
  "lastModified": "2024-11-20T23:49:54.347",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-01-10T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/13274/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.e-matters.de/advisories/152004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-597"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.ubuntu.com/usn/usn-31-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/13274/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.e-matters.de/advisories/152004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.ubuntu.com/usn/usn-31-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2005-01-10 05:00

Modified

2024-11-20 23:49

Severity ?

Summary

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.

References

▼	URL	Tags
	cve@mitre.org	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
	cve@mitre.org	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
	cve@mitre.org	http://marc.info/?l=bugtraq&m=110123023521619&w=2
	cve@mitre.org	http://secunia.com/advisories/13274/
	cve@mitre.org	http://security.e-matters.de/advisories/152004.html
	cve@mitre.org	http://security.gentoo.org/glsa/glsa-200411-34.xml
	cve@mitre.org	http://www.debian.org/security/2004/dsa-597
	cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/18199
	cve@mitre.org	https://www.ubuntu.com/usn/usn-31-1/
	af854a3a-2127-422b-91ae-364da2661108	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
	af854a3a-2127-422b-91ae-364da2661108	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=110123023521619&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/13274/
	af854a3a-2127-422b-91ae-364da2661108	http://security.e-matters.de/advisories/152004.html
	af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200411-34.xml
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2004/dsa-597
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/18199
	af854a3a-2127-422b-91ae-364da2661108	https://www.ubuntu.com/usn/usn-31-1/

Impacted products

Vendor	Product	Version
carnegie_mellon_university	cyrus_imap_server	2.1.7
carnegie_mellon_university	cyrus_imap_server	2.1.9
carnegie_mellon_university	cyrus_imap_server	2.1.10
carnegie_mellon_university	cyrus_imap_server	2.1.16
carnegie_mellon_university	cyrus_imap_server	2.2.0_alpha
carnegie_mellon_university	cyrus_imap_server	2.2.1_beta
carnegie_mellon_university	cyrus_imap_server	2.2.2_beta
carnegie_mellon_university	cyrus_imap_server	2.2.3
carnegie_mellon_university	cyrus_imap_server	2.2.4
carnegie_mellon_university	cyrus_imap_server	2.2.5
carnegie_mellon_university	cyrus_imap_server	2.2.6
carnegie_mellon_university	cyrus_imap_server	2.2.7
carnegie_mellon_university	cyrus_imap_server	2.2.8
openpkg	openpkg	current
conectiva	linux	9.0
conectiva	linux	10.0
redhat	fedora_core	core_2.0
redhat	fedora_core	core_3.0
trustix	secure_linux	2.0
trustix	secure_linux	2.1
trustix	secure_linux	2.2
ubuntu	ubuntu_linux	4.1
ubuntu	ubuntu_linux	4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7077ABB3-CD11-4E1C-9E34-8EC94C1101F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC21C9C1-C8A2-4879-A604-E1192438A847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF89521-977F-425A-BC5B-9D6F2F778125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FC7757-3A91-4E49-92C4-603A403BF7F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D17A195-4E9E-49C8-878D-D64CB6DB175F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "56A72779-D978-40E4-B2E6-BA7DB94B1FAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D1923E-96B6-46F6-8E30-3831CA047C7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2BDC99-FA96-4520-9485-F091F0DD4F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7DA2ED-7300-4736-BE05-8B6DE2CD71C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA0C525-DC15-4C9E-BD7E-967BEF3AED9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD50BC1E-6793-44EE-B563-B1095BD710C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA911A6-2192-42F0-9E60-171B221241C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC4475B5-443F-4ECD-B095-4D84F9D5F96D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
              "matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4007B0D-9606-46BD-866A-7911BEA292BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A35FC777-A34E-4C7B-9E93-8F17F3AD5180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB70F82-52BB-4D0D-9A24-9AF67278466D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (\"body[p\") that is treated as a different command (\"body.peek\") and causes an index increment error that leads to an out-of-bounds memory corruption."
    },
    {
      "lang": "es",
      "value": "El procesador de argumentos de la orden PARTIAL de Cyrus IMAP Server 2.2.6 y anteriores permite a usuarios remotos autentificados ejecutar c\u00f3digo de su elecci\u00f3n mediante una cierta orden (\"body[p\") que es tratada como una orden distinta (\"body.peek\") y produce un error de incremento de \u00edndice que conduce a una corrupci\u00f3n de memoria fuera de l\u00edmites."
    }
  ],
  "id": "CVE-2004-1012",
  "lastModified": "2024-11-20T23:49:54.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-01-10T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/13274/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.e-matters.de/advisories/152004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-597"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.ubuntu.com/usn/usn-31-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/13274/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.e-matters.de/advisories/152004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.ubuntu.com/usn/usn-31-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2004-06-14 04:00

Modified

2024-11-20 23:41

Severity ?

Summary

Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.

References

URL	Tags
cve@mitre.org	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000557	Vendor Advisory
cve@mitre.org	http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557
cve@mitre.org	http://www.debian.org/security/2002/dsa-215
cve@mitre.org	http://www.kb.cert.org/vuls/id/740169	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/301864	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/6298	Exploit, Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/10744
af854a3a-2127-422b-91ae-364da2661108	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000557	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2002/dsa-215
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/740169	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/301864	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/6298	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/10744

Impacted products

Vendor	Product	Version
carnegie_mellon_university	cyrus_imap_server	1.4
carnegie_mellon_university	cyrus_imap_server	1.5.19
carnegie_mellon_university	cyrus_imap_server	2.0.12
carnegie_mellon_university	cyrus_imap_server	2.0.16
carnegie_mellon_university	cyrus_imap_server	2.1.9
carnegie_mellon_university	cyrus_imap_server	2.1.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B7EED3-88ED-4959-9B0D-4593F82B482C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:1.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9651929E-7E3D-4967-B4EC-BC1D87386A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03A2FFF-D736-436F-AB01-952C90CC88A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "686E6850-2FFB-4A83-9BBB-9C4FB456294E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC21C9C1-C8A2-4879-A604-E1192438A847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF89521-977F-425A-BC5B-9D6F2F778125",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en imapparse.c de Cyrus IMAP server 1.4 y 2.1.10 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un valor de longitud grande que facilita un ataque de desbordamiento de b\u00fafer, una vulnerabilidad distinta de CAN-2002-1347."
    }
  ],
  "id": "CVE-2002-1580",
  "lastModified": "2024-11-20T23:41:38.610",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-06-14T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000557"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000557"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2002/dsa-215"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/740169"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/301864"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/6298"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2002/dsa-215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/740169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/301864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/6298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10744"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2004-1015

Vulnerability from cvelistv5

Published

2004-12-01 05:00

Modified

2024-08-08 00:39

Severity ?

Summary

Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/18274	vdb-entry, x_refsource_XF
	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDKSA-2004:139	vendor-advisory, x_refsource_MANDRAKE
	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145	mailing-list, x_refsource_MLIST
	http://security.gentoo.org/glsa/glsa-200411-34.xml	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:00.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cyrus-magic-plus-bo(18274)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18274"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
          },
          {
            "name": "MDKSA-2004:139",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
          },
          {
            "name": "[cyrus-announce] 20041123 Cyrus IMAPd 2.2.10 Released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=145"
          },
          {
            "name": "GLSA-200411-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cyrus-magic-plus-bo(18274)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18274"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
        },
        {
          "name": "MDKSA-2004:139",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
        },
        {
          "name": "[cyrus-announce] 20041123 Cyrus IMAPd 2.2.10 Released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=145"
        },
        {
          "name": "GLSA-200411-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cyrus-magic-plus-bo(18274)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18274"
            },
            {
              "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
              "refsource": "CONFIRM",
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "MDKSA-2004:139",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
            },
            {
              "name": "[cyrus-announce] 20041123 Cyrus IMAPd 2.2.10 Released",
              "refsource": "MLIST",
              "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=145"
            },
            {
              "name": "GLSA-200411-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1015",
    "datePublished": "2004-12-01T05:00:00",
    "dateReserved": "2004-11-04T00:00:00",
    "dateUpdated": "2024-08-08T00:39:00.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-1580

Vulnerability from cvelistv5

Published

2004-05-20 04:00

Modified

2024-08-08 03:26

Severity ?

Summary

Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.

References

▼	URL	Tags
	http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557	vendor-advisory, x_refsource_CONECTIVA
	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000557	vendor-advisory, x_refsource_CONECTIVA
	http://www.debian.org/security/2002/dsa-215	vendor-advisory, x_refsource_DEBIAN
	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/740169	third-party-advisory, x_refsource_CERT-VN
	http://www.securityfocus.com/bid/6298	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/10744	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/archive/1/301864	mailing-list, x_refsource_BUGTRAQ

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:26:29.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "000557",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000557"
          },
          {
            "name": "CLA-2002:557",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000557"
          },
          {
            "name": "DSA-215",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2002/dsa-215"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
          },
          {
            "name": "VU#740169",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/740169"
          },
          {
            "name": "6298",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6298"
          },
          {
            "name": "cyrus-imap-preauth-bo(10744)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10744"
          },
          {
            "name": "20021202 pre-login buffer overflow in Cyrus IMAP server",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/301864"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-12-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "000557",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000557"
        },
        {
          "name": "CLA-2002:557",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000557"
        },
        {
          "name": "DSA-215",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2002/dsa-215"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
        },
        {
          "name": "VU#740169",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/740169"
        },
        {
          "name": "6298",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6298"
        },
        {
          "name": "cyrus-imap-preauth-bo(10744)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10744"
        },
        {
          "name": "20021202 pre-login buffer overflow in Cyrus IMAP server",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/301864"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1580",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "000557",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000557"
            },
            {
              "name": "CLA-2002:557",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000557"
            },
            {
              "name": "DSA-215",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2002/dsa-215"
            },
            {
              "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
              "refsource": "CONFIRM",
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "VU#740169",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/740169"
            },
            {
              "name": "6298",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6298"
            },
            {
              "name": "cyrus-imap-preauth-bo(10744)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10744"
            },
            {
              "name": "20021202 pre-login buffer overflow in Cyrus IMAP server",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/301864"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1580",
    "datePublished": "2004-05-20T04:00:00",
    "dateReserved": "2004-05-13T00:00:00",
    "dateUpdated": "2024-08-08T03:26:29.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1154

Vulnerability from cvelistv5

Published

2002-03-15 05:00

Modified

2024-08-08 04:44

Severity ?

Summary

Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/7053	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/archive/1/211056	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/3260	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:44:07.894Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cyrus-imap-php-dos(7053)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7053"
          },
          {
            "name": "20010830 Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/211056"
          },
          {
            "name": "3260",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3260"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cyrus-imap-php-dos(7053)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7053"
        },
        {
          "name": "20010830 Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/211056"
        },
        {
          "name": "3260",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3260"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1154",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cyrus-imap-php-dos(7053)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7053"
            },
            {
              "name": "20010830 Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/211056"
            },
            {
              "name": "3260",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3260"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1154",
    "datePublished": "2002-03-15T05:00:00",
    "dateReserved": "2002-03-15T00:00:00",
    "dateUpdated": "2024-08-08T04:44:07.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1012

Vulnerability from cvelistv5

Published

2004-12-01 05:00

Modified

2024-08-08 00:39

Severity ?

Summary

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.

References

▼	URL	Tags
	http://www.debian.org/security/2004/dsa-597	vendor-advisory, x_refsource_DEBIAN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/18199	vdb-entry, x_refsource_XF
	http://security.e-matters.de/advisories/152004.html	x_refsource_MISC
	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDKSA-2004:139	vendor-advisory, x_refsource_MANDRAKE
	http://marc.info/?l=bugtraq&m=110123023521619&w=2	mailing-list, x_refsource_BUGTRAQ
	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/13274/	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200411-34.xml	vendor-advisory, x_refsource_GENTOO
	https://www.ubuntu.com/usn/usn-31-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:00.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-597",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-597"
          },
          {
            "name": "cyrus-imap-commands-execute-code(18199)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.e-matters.de/advisories/152004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
          },
          {
            "name": "MDKSA-2004:139",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
          },
          {
            "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
          },
          {
            "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
          },
          {
            "name": "13274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13274/"
          },
          {
            "name": "GLSA-200411-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
          },
          {
            "name": "USN-31-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://www.ubuntu.com/usn/usn-31-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (\"body[p\") that is treated as a different command (\"body.peek\") and causes an index increment error that leads to an out-of-bounds memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-597",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-597"
        },
        {
          "name": "cyrus-imap-commands-execute-code(18199)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.e-matters.de/advisories/152004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
        },
        {
          "name": "MDKSA-2004:139",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
        },
        {
          "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
        },
        {
          "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
        },
        {
          "name": "13274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13274/"
        },
        {
          "name": "GLSA-200411-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
        },
        {
          "name": "USN-31-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://www.ubuntu.com/usn/usn-31-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (\"body[p\") that is treated as a different command (\"body.peek\") and causes an index increment error that leads to an out-of-bounds memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-597",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-597"
            },
            {
              "name": "cyrus-imap-commands-execute-code(18199)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
            },
            {
              "name": "http://security.e-matters.de/advisories/152004.html",
              "refsource": "MISC",
              "url": "http://security.e-matters.de/advisories/152004.html"
            },
            {
              "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
              "refsource": "CONFIRM",
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "MDKSA-2004:139",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
            },
            {
              "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
            },
            {
              "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
              "refsource": "MLIST",
              "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
            },
            {
              "name": "13274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13274/"
            },
            {
              "name": "GLSA-200411-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
            },
            {
              "name": "USN-31-1",
              "refsource": "UBUNTU",
              "url": "https://www.ubuntu.com/usn/usn-31-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1012",
    "datePublished": "2004-12-01T05:00:00",
    "dateReserved": "2004-11-04T00:00:00",
    "dateUpdated": "2024-08-08T00:39:00.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1013

Vulnerability from cvelistv5

Published

2004-12-01 05:00

Modified

2024-08-08 00:38

Severity ?

Summary

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.

References

▼	URL	Tags
	http://www.debian.org/security/2004/dsa-597	vendor-advisory, x_refsource_DEBIAN
	http://security.e-matters.de/advisories/152004.html	x_refsource_MISC
	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDKSA-2004:139	vendor-advisory, x_refsource_MANDRAKE
	http://marc.info/?l=bugtraq&m=110123023521619&w=2	mailing-list, x_refsource_BUGTRAQ
	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/13274/	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200411-34.xml	vendor-advisory, x_refsource_GENTOO
	https://www.ubuntu.com/usn/usn-31-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:38:59.800Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-597",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-597"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.e-matters.de/advisories/152004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
          },
          {
            "name": "MDKSA-2004:139",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
          },
          {
            "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
          },
          {
            "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
          },
          {
            "name": "13274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13274/"
          },
          {
            "name": "GLSA-200411-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
          },
          {
            "name": "USN-31-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://www.ubuntu.com/usn/usn-31-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) \"body[p\", (2) \"binary[p\", or (3) \"binary[p\") that cause an index increment error that leads to an out-of-bounds memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-597",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-597"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.e-matters.de/advisories/152004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
        },
        {
          "name": "MDKSA-2004:139",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
        },
        {
          "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
        },
        {
          "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
        },
        {
          "name": "13274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13274/"
        },
        {
          "name": "GLSA-200411-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
        },
        {
          "name": "USN-31-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://www.ubuntu.com/usn/usn-31-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1013",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) \"body[p\", (2) \"binary[p\", or (3) \"binary[p\") that cause an index increment error that leads to an out-of-bounds memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-597",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-597"
            },
            {
              "name": "http://security.e-matters.de/advisories/152004.html",
              "refsource": "MISC",
              "url": "http://security.e-matters.de/advisories/152004.html"
            },
            {
              "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
              "refsource": "CONFIRM",
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "MDKSA-2004:139",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
            },
            {
              "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
            },
            {
              "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
              "refsource": "MLIST",
              "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
            },
            {
              "name": "13274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13274/"
            },
            {
              "name": "GLSA-200411-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
            },
            {
              "name": "USN-31-1",
              "refsource": "UBUNTU",
              "url": "https://www.ubuntu.com/usn/usn-31-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1013",
    "datePublished": "2004-12-01T05:00:00",
    "dateReserved": "2004-11-04T00:00:00",
    "dateUpdated": "2024-08-08T00:38:59.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1067

Vulnerability from cvelistv5

Published

2004-12-10 05:00

Modified

2024-08-08 00:39

Severity ?

Summary

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/18333	vdb-entry, x_refsource_XF
	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/11738	vdb-entry, x_refsource_BID
	https://www.ubuntu.com/usn/usn-37-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:00.545Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cyrus-mysaslcanonuser-offbyone-bo(18333)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18333"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
          },
          {
            "name": "11738",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11738"
          },
          {
            "name": "USN-37-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://www.ubuntu.com/usn/usn-37-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cyrus-mysaslcanonuser-offbyone-bo(18333)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18333"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
        },
        {
          "name": "11738",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11738"
        },
        {
          "name": "USN-37-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://www.ubuntu.com/usn/usn-37-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1067",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cyrus-mysaslcanonuser-offbyone-bo(18333)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18333"
            },
            {
              "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
              "refsource": "CONFIRM",
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "11738",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11738"
            },
            {
              "name": "USN-37-1",
              "refsource": "UBUNTU",
              "url": "https://www.ubuntu.com/usn/usn-37-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1067",
    "datePublished": "2004-12-10T05:00:00",
    "dateReserved": "2004-11-29T00:00:00",
    "dateUpdated": "2024-08-08T00:39:00.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1011

Vulnerability from cvelistv5

Published

2004-12-01 05:00

Modified

2024-08-08 00:39

Severity ?

Summary

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

References

▼	URL	Tags
	http://security.e-matters.de/advisories/152004.html	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilities/18198	vdb-entry, x_refsource_XF
	http://asg.web.cmu.edu/cyrus/download/imapd/changes.html	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDKSA-2004:139	vendor-advisory, x_refsource_MANDRAKE
	http://marc.info/?l=bugtraq&m=110123023521619&w=2	mailing-list, x_refsource_BUGTRAQ
	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/13274/	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200411-34.xml	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:00.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.e-matters.de/advisories/152004.html"
          },
          {
            "name": "cyrus-imap-username-bo(18198)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18198"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
          },
          {
            "name": "MDKSA-2004:139",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
          },
          {
            "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
          },
          {
            "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
          },
          {
            "name": "13274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13274/"
          },
          {
            "name": "GLSA-200411-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.e-matters.de/advisories/152004.html"
        },
        {
          "name": "cyrus-imap-username-bo(18198)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18198"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
        },
        {
          "name": "MDKSA-2004:139",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
        },
        {
          "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
        },
        {
          "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
        },
        {
          "name": "13274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13274/"
        },
        {
          "name": "GLSA-200411-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1011",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security.e-matters.de/advisories/152004.html",
              "refsource": "MISC",
              "url": "http://security.e-matters.de/advisories/152004.html"
            },
            {
              "name": "cyrus-imap-username-bo(18198)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18198"
            },
            {
              "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
              "refsource": "CONFIRM",
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "MDKSA-2004:139",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
            },
            {
              "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
            },
            {
              "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
              "refsource": "MLIST",
              "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
            },
            {
              "name": "13274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13274/"
            },
            {
              "name": "GLSA-200411-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1011",
    "datePublished": "2004-12-01T05:00:00",
    "dateReserved": "2004-11-04T00:00:00",
    "dateUpdated": "2024-08-08T00:39:00.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerabilites related to carnegie_mellon_university - cyrus_imap_server

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

cve-2004-1015

Vulnerability from cvelistv5

cve-2002-1580

Vulnerability from cvelistv5

cve-2001-1154

Vulnerability from cvelistv5

cve-2004-1012

Vulnerability from cvelistv5

cve-2004-1013

Vulnerability from cvelistv5

cve-2004-1067

Vulnerability from cvelistv5

cve-2004-1011

Vulnerability from cvelistv5