Lucene search
SuseSUSE-SA:2004:043HistoryDec 03, 2004 - 1:37 p.m.
remote command execution in cyrus-imapd
2004-12-0313:37:30
lists.opensuse.org
13
0.107 Low
EPSS
Percentile
94.5%
Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an update is strongly recommended.
Solution
There is no temporary workaround except shutting down the IMAP server.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.2 | i586 | cyrus-imapd | < 2.2.8-6.3 | cyrus-imapd-2.2.8-6.3.i586.rpm |
| openSUSE | 9.1 | i586 | cyrus-imapd | < 2.2.3-83.19 | cyrus-imapd-2.2.3-83.19.i586.rpm |
| openSUSE | 8.1 | i586 | cyrus-imapd | < 2.1.16-56 | cyrus-imapd-2.1.16-56.i586.rpm |
| openSUSE | 9.0 | x86_64 | cyrus-imapd | < 2.1.15-89 | cyrus-imapd-2.1.15-89.x86_64.rpm |
| openSUSE | 9.1 | x86_64 | cyrus-imapd | < 2.2.3-83.19 | cyrus-imapd-2.2.3-83.19.x86_64.rpm |
| openSUSE | 8.2 | i586 | cyrus-imapd | < 2.1.12-75 | cyrus-imapd-2.1.12-75.i586.rpm |
| openSUSE | 9.0 | i586 | cyrus-imapd | < 2.1.15-89 | cyrus-imapd-2.1.15-89.i586.rpm |
| openSUSE | 9.2 | x86_64 | cyrus-imapd | < 2.2.8-6.3 | cyrus-imapd-2.2.8-6.3.x86_64.rpm |
Related
altlinux
altlinux
Security fix for the ALT Linux 8 package cyrus-imapd version 2.2.9-alt1
2004-11-23 00:00:00
nessus
nessus
SUSE-SA:2004:043: cyrus-imapd
2004-12-07 00:00:00
GLSA-200411-34 : Cyrus IMAP Server: Multiple remote vulnerabilities
2004-11-25 00:00:00
Fedora Core 3 : cyrus-imapd-2.2.10-1.fc3 (2004-487)
2004-12-02 00:00:00
openvas
openvas
FreeBSD Ports: cyrus-imapd
2008-09-04 00:00:00
FreeBSD Ports: cyrus-imapd
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
2008-09-24 00:00:00
securityvulns
securityvulns
Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities
2004-11-24 00:00:00
gentoo
gentoo
Cyrus IMAP Server: Multiple remote vulnerabilities
2004-11-25 00:00:00
debian
debian
[SECURITY] [DSA 597-1] New cyrus-imapd packages fix arbitrary code execution
2004-11-25 09:34:48
[SECURITY] [DSA 597-1] New cyrus-imapd packages fix arbitrary code execution
2004-11-25 00:00:00
ubuntu
ubuntu
cyrus21-imapd vulnerabilities
2004-11-24 00:00:00
osv
osv
cyrus-imapd - buffer overflow
2004-11-25 00:00:00
ubuntucve
ubuntucve
freebsd
freebsd
Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow
2004-11-06 00:00:00
Cyrus IMAPd -- FETCH command out of bounds memory corruption
2004-11-06 00:00:00
Cyrus IMAPd -- PARTIAL command out of bounds memory corruption
2004-11-06 00:00:00
debiancve
debiancve
cve
cve