Vulnerability Name:
CVE-2004-1011 (CCN-18198)
Assigned:
2004-11-23
Published:
2004-11-23
Updated:
2017-07-11
Summary:
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than
CVE-2004-1015
.
CVSS v3 Severity:
10.0 Critical
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
10.0 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
10.0 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Access
References:
Source: MLIST
Type: UNKNOWN
[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released
Source: CCN
Type: Carnegie Mellon University Web site
Project Cyrus
Source: CONFIRM
Type: UNKNOWN
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
Source: MITRE
Type: CNA
CVE-2004-1011
Source: CCN
Type: Conectiva Linux Announcement CLSA-2004:904
Multiple vulnerabilities in cyrus-imapd
Source: BUGTRAQ
Type: UNKNOWN
20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities
Source: CCN
Type: SA13274
Cyrus IMAP Server Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
13274
Source: MISC
Type: UNKNOWN
http://security.e-matters.de/advisories/152004.html
Source: GENTOO
Type: UNKNOWN
GLSA-200411-34
Source: CCN
Type: CIAC INFORMATION BULLETIN P-156
Apple Security Update 2005-003
Source: CCN
Type: GLSA-200411-34
Cyrus IMAP Server: Multiple remote vulnerabilities
Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:139
Source: CCN
Type: OpenPKG-SA-2004.051
IMAPd
Source: CCN
Type: OSVDB ID: 12290
Cyrus IMAP Server imapmagicplus proxyd Overflow
Source: CCN
Type: BID-11729
Cyrus IMAPD Multiple Remote Vulnerabilities
Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0063
Multiple bugfixes
Source: XF
Type: UNKNOWN
cyrus-imap-username-bo(18198)
Source: XF
Type: UNKNOWN
cyrus-imap-username-bo(18198)
Source: SUSE
Type: SUSE-SA:2004:043
cyrus_imapd: remote command execution
Source: SUSE
Type: SUSE-SR:2004:003
SUSE Security Summary Report
Vulnerable Configuration:
Configuration 1
:
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*
OR
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*
OR
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*
OR
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
OR
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*
OR
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*
OR
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*
OR
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*
OR
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*
OR
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*
OR
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*
OR
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*
OR
cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
OR
cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
OR
cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
OR
cpe:/o:conectiva:linux:10.0:*:*:*:*:*:*:*
Configuration 2
:
cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
OR
cpe:/o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
OR
cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
OR
cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
OR
cpe:/o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
OR
cpe:/o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
OR
cpe:/o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions
Definition ID
Class
Title
Last Modified
oval:org.opensuse.security:def:20041011
V
CVE-2004-1011
2015-11-16
BACK
carnegie_mellon_university
cyrus imap server 2.1.7
carnegie_mellon_university
cyrus imap server 2.1.9
carnegie_mellon_university
cyrus imap server 2.1.10
carnegie_mellon_university
cyrus imap server 2.1.16
carnegie_mellon_university
cyrus imap server 2.2.0_alpha
carnegie_mellon_university
cyrus imap server 2.2.1_beta
carnegie_mellon_university
cyrus imap server 2.2.2_beta
carnegie_mellon_university
cyrus imap server 2.2.3
carnegie_mellon_university
cyrus imap server 2.2.4
carnegie_mellon_university
cyrus imap server 2.2.5
carnegie_mellon_university
cyrus imap server 2.2.6
carnegie_mellon_university
cyrus imap server 2.2.7
carnegie_mellon_university
cyrus imap server 2.2.8
openpkg
openpkg current
conectiva
linux 9.0
conectiva
linux 10.0
redhat
fedora core core_2.0
redhat
fedora core core_3.0
trustix
secure linux 2.0
trustix
secure linux 2.1
trustix
secure linux 2.2
ubuntu
ubuntu linux 4.1
ubuntu
ubuntu linux 4.1
Denotes that component is vulnerable