CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1015

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0280%
EPSS Percentile19.70th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.

Affected Platforms (CPE)

πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 1.4
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 1.5.19
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.0.12
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.0.16
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.1.7
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.1.9
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.1.10
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.1.16
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.0_alpha
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.1_beta
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.2_beta
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.3
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.4
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.5
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.6
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.7
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.8
πŸ“¦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.9
πŸ’»
Redhat

Fedora Core

= core_2.0
πŸ’»
Redhat

Fedora Core

= core_3.0
πŸ’»
Ubuntu

Ubuntu Linux

= 4.1
πŸ’»
Ubuntu

Ubuntu Linux

= 4.1

References & Advisories

πŸ”— http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145
πŸ”— http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
πŸ”— http://security.gentoo.org/glsa/glsa-200411-34.xml
πŸ”— http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18274
πŸ”— http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145
πŸ”— http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
πŸ”— http://security.gentoo.org/glsa/glsa-200411-34.xml

Related Vulnerabilities

CVE-2004-101310.0

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arb...

CVE-2004-101210.0

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arb...

CVE-2004-101110.0

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attacke...

CVE-2004-106710.0

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may al...