CVE-2004-1012
NONE EPSS 92.4%
Published Jan 10, 200521y ago · Modified Jun 16, 20262w ago
Published Jan 10, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
Threat Intelligence
EPSS Exploit Probability
92.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Affected Products 23
| Vendor | Product | Version | Range |
|---|---|---|---|
| carnegie_mellon_university | cyrus_imap_server | 2.1.7 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.1.9 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.1.10 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.1.16 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.0_alpha | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.1_beta | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.2_beta | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.3 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.4 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.5 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.6 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.7 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.8 | any |
| openpkg | openpkg | current | any |
| conectiva | linux | 9.0 | any |
| conectiva | linux | 10.0 | any |
| redhat | fedora_core | core_2.0 | any |
| redhat | fedora_core | core_3.0 | any |
| trustix | secure_linux | 2.0 | any |
| trustix | secure_linux | 2.1 | any |
| trustix | secure_linux | 2.2 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
References 10
- asg.web.cmu.edu http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
- asg.web.cmu.edu http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
- marc.info http://marc.info/?l=bugtraq&m=110123023521619&w=2
- secunia.com http://secunia.com/advisories/13274/
- security.e-matters.de http://security.e-matters.de/advisories/152004.html
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200411-34.xml
- debian.org http://www.debian.org/security/2004/dsa-597
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18199
- ubuntu.com https://www.ubuntu.com/usn/usn-31-1/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.