Vulnerability Name:

CVE-2004-1067 (CCN-18333)

Assigned:2004-12-02
Published:2004-12-02
Updated:2017-07-11
Summary:Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Cyrus Download Web page
Download Cyrus Software

Source: CONFIRM
Type: UNKNOWN
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html

Source: MITRE
Type: CNA
CVE-2004-1067

Source: CCN
Type: Conectiva Linux Announcement CLSA-2004:904
Multiple vulnerabilities in cyrus-imapd

Source: CCN
Type: CIAC INFORMATION BULLETIN P-156
Apple Security Update 2005-003

Source: CCN
Type: OSVDB ID: 12348
Cyrus IMAP Server mysasl_canon_user() Function Remote Overflow

Source: BID
Type: Patch, Vendor Advisory
11738

Source: CCN
Type: BID-11738
Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities

Source: CCN
Type: USN-37-1
cyrus21-imapd vulnerability

Source: XF
Type: UNKNOWN
cyrus-mysaslcanonuser-offbyone-bo(18333)

Source: XF
Type: UNKNOWN
cyrus-mysaslcanonuser-offbyone-bo(18333)

Source: UBUNTU
Type: UNKNOWN
USN-37-1

Vulnerable Configuration:Configuration 1:
  • cpe:/a:carnegie_mellon_university:cyrus_imap_server:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:1.5.19:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:carnegie_mellon_university:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    carnegie_mellon_university cyrus imap server 1.4
    carnegie_mellon_university cyrus imap server 1.5.19
    carnegie_mellon_university cyrus imap server 2.0.12
    carnegie_mellon_university cyrus imap server 2.0.16
    carnegie_mellon_university cyrus imap server 2.1.7
    carnegie_mellon_university cyrus imap server 2.1.9
    carnegie_mellon_university cyrus imap server 2.1.10
    carnegie_mellon_university cyrus imap server 2.1.16
    carnegie_mellon_university cyrus imap server 2.2.0_alpha
    carnegie_mellon_university cyrus imap server 2.2.1_beta
    carnegie_mellon_university cyrus imap server 2.2.2_beta
    carnegie_mellon_university cyrus imap server 2.2.3
    carnegie_mellon_university cyrus imap server 2.2.4
    carnegie_mellon_university cyrus imap server 2.2.5
    carnegie_mellon_university cyrus imap server 2.2.6
    carnegie_mellon_university cyrus imap server 2.2.7
    carnegie_mellon_university cyrus imap server 2.2.8
    carnegie_mellon_university cyrus imap server 2.2.9
    redhat fedora core core_2.0
    redhat fedora core core_3.0
    ubuntu ubuntu linux 4.1
    ubuntu ubuntu linux 4.1
    carnegie_mellon_university cyrus imap server 2.2.9
    openpkg openpkg current
    gentoo linux *
    conectiva linux 9.0
    mandrakesoft mandrake linux 10.0
    conectiva linux 10
    openpkg openpkg 2.1
    openpkg openpkg 2.2
    mandrakesoft mandrake linux 10.1