CyberSec.Space Logo
返回 CVE 浏览器

CVE-2004-1013

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0820%
EPSS Percentile23.73th
Published2005年1月10日
Last Modified2026年4月16日

Vulnerability Description

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.

Affected Platforms (CPE)

📦
Carnegie Mellon University

Cyrus Imap Server

= 2.1.7
📦
Carnegie Mellon University

Cyrus Imap Server

= 2.1.9
📦
Carnegie Mellon University

Cyrus Imap Server

= 2.1.10
📦
Carnegie Mellon University

Cyrus Imap Server

= 2.1.16
📦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.0_alpha
📦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.1_beta
📦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.2_beta
📦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.3
📦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.4
📦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.5
📦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.6
📦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.7
📦
Carnegie Mellon University

Cyrus Imap Server

= 2.2.8
📦
Openpkg

Openpkg

= current
💻
Conectiva

Linux

= 9.0
💻
Conectiva

Linux

= 10.0
💻
Redhat

Fedora Core

= core_2.0
💻
Redhat

Fedora Core

= core_3.0
💻
Trustix

Secure Linux

= 2.0
💻
Trustix

Secure Linux

= 2.1
💻
Trustix

Secure Linux

= 2.2
💻
Ubuntu

Ubuntu Linux

= 4.1
💻
Ubuntu

Ubuntu Linux

= 4.1

References & Advisories

🔗 http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
🔗 http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
🔗 http://marc.info/?l=bugtraq&m=110123023521619&w=2
🔗 http://secunia.com/advisories/13274/
🔗 http://security.e-matters.de/advisories/152004.html
🔗 http://security.gentoo.org/glsa/glsa-200411-34.xml
🔗 http://www.debian.org/security/2004/dsa-597
🔗 http://www.mandriva.com/security/advisories?name=MDKSA-2004:139

相关漏洞威胁

CVE-2004-101510.0

Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attacke...

CVE-2004-101210.0

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arb...

CVE-2004-101110.0

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attacke...

CVE-2004-106710.0

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may al...