Lucene search

[email protected]CVE-2004-1067

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1067

2005-01-1005:00:00

[email protected]

web.nvd.nist.gov

cve-2004-1067

buffer overflow

remote code execution

security vulnerability

cyrus imap server

9.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.035 Low

EPSS

Percentile

91.5%

JSON

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.

Affected configurations

NVD

Node

carnegie_mellon_universitycyrus_imap_serverMatch1.4

carnegie_mellon_universitycyrus_imap_serverMatch1.5.19

carnegie_mellon_universitycyrus_imap_serverMatch2.0.12

carnegie_mellon_universitycyrus_imap_serverMatch2.0.16

carnegie_mellon_universitycyrus_imap_serverMatch2.1.7

carnegie_mellon_universitycyrus_imap_serverMatch2.1.9

carnegie_mellon_universitycyrus_imap_serverMatch2.1.10

carnegie_mellon_universitycyrus_imap_serverMatch2.1.16

carnegie_mellon_universitycyrus_imap_serverMatch2.2.0_alpha

carnegie_mellon_universitycyrus_imap_serverMatch2.2.1_beta

carnegie_mellon_universitycyrus_imap_serverMatch2.2.2_beta

carnegie_mellon_universitycyrus_imap_serverMatch2.2.3

carnegie_mellon_universitycyrus_imap_serverMatch2.2.4

carnegie_mellon_universitycyrus_imap_serverMatch2.2.5

carnegie_mellon_universitycyrus_imap_serverMatch2.2.6

carnegie_mellon_universitycyrus_imap_serverMatch2.2.7

carnegie_mellon_universitycyrus_imap_serverMatch2.2.8

carnegie_mellon_universitycyrus_imap_serverMatch2.2.9

Node

redhatfedora_coreMatchcore_2.0

redhatfedora_coreMatchcore_3.0

ubuntuubuntu_linuxMatch4.1ia64

ubuntuubuntu_linuxMatch4.1ppc

CPENameOperatorVersion
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq1.4
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq1.5.19
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.0.12
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.0.16
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.1.7
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.1.9
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.1.10
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.1.16
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.2.0_alpha
carnegie_mellon_university:cyrus_imap_servercarnegie mellon university cyrus imap servereq2.2.1_beta

CPE	Name	Operator	Version
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	1.4
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	1.5.19
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.0.12
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.0.16
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.1.7
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.1.9
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.1.10
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.1.16
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.2.0_alpha
carnegie_mellon_university:cyrus_imap_server	carnegie mellon university cyrus imap server	eq	2.2.1_beta