CVE-2004-1013
NONE EPSS 92.3%
Published Jan 10, 200521y ago · Modified Jun 16, 20262w ago
Published Jan 10, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.
Threat Intelligence
EPSS Exploit Probability
92.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 23
| Vendor | Product | Version | Range |
|---|---|---|---|
| carnegie_mellon_university | cyrus_imap_server | 2.1.7 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.1.9 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.1.10 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.1.16 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.0_alpha | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.1_beta | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.2_beta | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.3 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.4 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.5 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.6 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.7 | any |
| carnegie_mellon_university | cyrus_imap_server | 2.2.8 | any |
| openpkg | openpkg | current | any |
| conectiva | linux | 9.0 | any |
| conectiva | linux | 10.0 | any |
| redhat | fedora_core | core_2.0 | any |
| redhat | fedora_core | core_3.0 | any |
| trustix | secure_linux | 2.0 | any |
| trustix | secure_linux | 2.1 | any |
| trustix | secure_linux | 2.2 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
References 9
- asg.web.cmu.edu http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
- asg.web.cmu.edu http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
- marc.info http://marc.info/?l=bugtraq&m=110123023521619&w=2
- secunia.com http://secunia.com/advisories/13274/
- security.e-matters.de http://security.e-matters.de/advisories/152004.html
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200411-34.xml
- debian.org http://www.debian.org/security/2004/dsa-597
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
- ubuntu.com https://www.ubuntu.com/usn/usn-31-1/
Remediation
- debian.org http://www.debian.org/security/2004/dsa-597