CVE Vulnerabilities

CVE-2004-1013

Published: Jan 10, 2005 | Modified: Dec 08, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) body[p, (2) binary[p, or (3) binary[p) that cause an index increment error that leads to an out-of-bounds memory corruption.

Affected Software

Name Vendor Start Version End Version
Cyrus_imap_server Carnegie_mellon_university 2.1.7 (including) 2.1.7 (including)
Cyrus_imap_server Carnegie_mellon_university 2.1.9 (including) 2.1.9 (including)
Cyrus_imap_server Carnegie_mellon_university 2.1.10 (including) 2.1.10 (including)
Cyrus_imap_server Carnegie_mellon_university 2.1.16 (including) 2.1.16 (including)
Cyrus_imap_server Carnegie_mellon_university 2.2.0_alpha (including) 2.2.0_alpha (including)
Cyrus_imap_server Carnegie_mellon_university 2.2.1_beta (including) 2.2.1_beta (including)
Cyrus_imap_server Carnegie_mellon_university 2.2.2_beta (including) 2.2.2_beta (including)
Cyrus_imap_server Carnegie_mellon_university 2.2.3 (including) 2.2.3 (including)
Cyrus_imap_server Carnegie_mellon_university 2.2.4 (including) 2.2.4 (including)
Cyrus_imap_server Carnegie_mellon_university 2.2.5 (including) 2.2.5 (including)
Cyrus_imap_server Carnegie_mellon_university 2.2.6 (including) 2.2.6 (including)
Cyrus_imap_server Carnegie_mellon_university 2.2.7 (including) 2.2.7 (including)
Cyrus_imap_server Carnegie_mellon_university 2.2.8 (including) 2.2.8 (including)
Openpkg Openpkg current (including) current (including)
Linux Conectiva 9.0 (including) 9.0 (including)
Linux Conectiva 10.0 (including) 10.0 (including)
Cyrus21-imapd Ubuntu dapper *
Cyrus21-imapd Ubuntu edgy *
Cyrus21-imapd Ubuntu feisty *

References