Vulnerability Name:

CVE-2004-1012 (CCN-18199)

Assigned: 2004-11-23
Published: 2004-11-23
Updated: 2017-07-11
Summary: The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: MLIST
Type: UNKNOWN
[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released

Source: CCN
Type: Carnegie Mellon University Web site
Project Cyrus

Source: CONFIRM
Type: UNKNOWN
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html

Source: MITRE
Type: CNA
CVE-2004-1012

Source: MITRE
Type: CNA
CVE-2004-1013

Source: CCN
Type: Conectiva Linux Announcement CLSA-2004:904
Multiple vulnerabilities in cyrus-imapd

Source: BUGTRAQ
Type: UNKNOWN
20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities

Source: CCN
Type: SA13274
Cyrus IMAP Server Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
13274

Source: MISC
Type: UNKNOWN
http://security.e-matters.de/advisories/152004.html

Source: GENTOO
Type: UNKNOWN
GLSA-200411-34

Source: CCN
Type: CIAC INFORMATION BULLETIN P-156
Apple Security Update 2005-003

Source: DEBIAN
Type: UNKNOWN
DSA-597

Source: DEBIAN
Type: DSA-597
cyrus-imapd -- buffer overflow

Source: CCN
Type: GLSA-200411-34
Cyrus IMAP Server: Multiple remote vulnerabilities

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:139

Source: CCN
Type: OpenPKG-SA-2004.051
IMAPd

Source: CCN
Type: OSVDB ID: 12097
Cyrus IMAP Server Partial Command Argument Parser Remote Overflow

Source: CCN
Type: OSVDB ID: 12098
Cyrus IMAP Server FETCH Command Partial Argument Remote Overflow

Source: CCN
Type: BID-11729
Cyrus IMAPD Multiple Remote Vulnerabilities

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0063
Multiple bugfixes

Source: CCN
Type: USN-31-1
cyrus21-imapd vulnerabilities

Source: XF
Type: UNKNOWN
cyrus-imap-commands-execute-code(18199)

Source: SUSE
Type: SUSE-SA:2004:043
cyrus_imapd: remote command execution

Source: SUSE
Type: SUSE-SR:2004:003
SUSE Security Summary Report

Source: UBUNTU
Type: UNKNOWN
USN-31-1

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20041012 | V | CVE-2004-1012 | 2015-11-16
oval:org.debian:def:597 | V | buffer overflow | 2004-11-25