Vulnerability Name:

CVE-2004-1015 (CCN-18274)

Assigned:2004-11-25
Published:2004-11-25
Updated:2017-07-11
Summary:Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MLIST
Type: UNKNOWN
[cyrus-announce] 20041123 Cyrus IMAPd 2.2.10 Released

Source: CCN
Type: Cyrus Download Web page
Download Cyrus Software

Source: CONFIRM
Type: UNKNOWN
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html

Source: MITRE
Type: CNA
CVE-2004-1015

Source: CCN
Type: Conectiva Linux Announcement CLSA-2004:904
Multiple vulnerabilities in cyrus-imapd

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200411-34

Source: CCN
Type: CIAC INFORMATION BULLETIN P-156
Apple Security Update 2005-003

Source: CCN
Type: GLSA-200411-34
Cyrus IMAP Server: Multiple remote vulnerabilities

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:139

Source: CCN
Type: OpenPKG-SA-2004.051
IMAPd

Source: CCN
Type: OSVDB ID: 12096
Cyrus IMAP Server IMAPMAGICPLUS Option Pre-Authentication Remote Overflow

Source: CCN
Type: BID-11738
Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities

Source: XF
Type: UNKNOWN
cyrus-magic-plus-bo(18274)

Source: XF
Type: UNKNOWN
cyrus-magic-plus-bo(18274)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:carnegie_mellon_university:cyrus_imap_server:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:1.5.19:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    carnegie_mellon_university cyrus imap server 1.4
    carnegie_mellon_university cyrus imap server 1.5.19
    carnegie_mellon_university cyrus imap server 2.0.12
    carnegie_mellon_university cyrus imap server 2.0.16
    carnegie_mellon_university cyrus imap server 2.1.7
    carnegie_mellon_university cyrus imap server 2.1.9
    carnegie_mellon_university cyrus imap server 2.1.10
    carnegie_mellon_university cyrus imap server 2.1.16
    carnegie_mellon_university cyrus imap server 2.2.0_alpha
    carnegie_mellon_university cyrus imap server 2.2.1_beta
    carnegie_mellon_university cyrus imap server 2.2.2_beta
    carnegie_mellon_university cyrus imap server 2.2.3
    carnegie_mellon_university cyrus imap server 2.2.4
    carnegie_mellon_university cyrus imap server 2.2.5
    carnegie_mellon_university cyrus imap server 2.2.6
    carnegie_mellon_university cyrus imap server 2.2.7
    carnegie_mellon_university cyrus imap server 2.2.8
    carnegie_mellon_university cyrus imap server 2.2.9
    redhat fedora core core_2.0
    redhat fedora core core_3.0
    ubuntu ubuntu linux 4.1
    ubuntu ubuntu linux 4.1
    carnegie_mellon_university cyrus imap server 2.2.9
    openpkg openpkg current
    gentoo linux *
    conectiva linux 9.0
    mandrakesoft mandrake linux 10.0
    conectiva linux 10
    openpkg openpkg 2.1
    openpkg openpkg 2.2
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 10.0