CVE-2004-1013

NONE EPSS 92.3%
Published Jan 10, 2005 (21y ago)
Last Modified Jun 16, 2026 (2w ago)

Description

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p" that cause an index increment error that leads to an out-of-bounds memory corruption.

Threat Intelligence

EPSS Exploit Probability
92.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 23

Vendor                      Product            Version      Range
carnegie_mellon_university  cyrus_imap_server  2.1.7        any
carnegie_mellon_university  cyrus_imap_server  2.1.9        any
carnegie_mellon_university  cyrus_imap_server  2.1.10       any
carnegie_mellon_university  cyrus_imap_server  2.1.16       any
carnegie_mellon_university  cyrus_imap_server  2.2.0_alpha  any
carnegie_mellon_university  cyrus_imap_server  2.2.1_beta   any
carnegie_mellon_university  cyrus_imap_server  2.2.2_beta   any
carnegie_mellon_university  cyrus_imap_server  2.2.3        any
carnegie_mellon_university  cyrus_imap_server  2.2.4        any
carnegie_mellon_university  cyrus_imap_server  2.2.5        any
carnegie_mellon_university  cyrus_imap_server  2.2.6        any
carnegie_mellon_university  cyrus_imap_server  2.2.7        any
carnegie_mellon_university  cyrus_imap_server  2.2.8        any
openpkg                     openpkg            current      any
conectiva                   linux              9.0          any
conectiva                   linux              10.0         any
redhat                      fedora_core        core_2.0     any
redhat                      fedora_core        core_3.0     any
trustix                     secure_linux       2.0          any
trustix                     secure_linux       2.1          any
trustix                     secure_linux       2.2          any
ubuntu                      ubuntu_linux       4.1          any
ubuntu                      ubuntu_linux       4.1          any

References 9

  • asg.web.cmu.edu http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
  • asg.web.cmu.edu http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
  • marc.info http://marc.info/?l=bugtraq&m=110123023521619&w=2
  • secunia.com http://secunia.com/advisories/13274/
  • security.e-matters.de http://security.e-matters.de/advisories/152004.html
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200411-34.xml
  • debian.org http://www.debian.org/security/2004/dsa-597
    Patch, Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
  • ubuntu.com https://www.ubuntu.com/usn/usn-31-1/

Remediation

  • debian.org http://www.debian.org/security/2004/dsa-597
    Patch, Vendor Advisory