Lucene search

UbuntuUSN-37-1

HistoryDec 02, 2004 - 12:00 a.m.

cyrus21-imapd vulnerability

2004-12-0200:00:00

ubuntu.com

7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.035 Low

EPSS

Percentile

91.5%

JSON

Releases

Ubuntu 4.10

Details

Recently another buffer overflow has been discovered in the SASL
authentication module of the Cyrus IMAP server. An off-by-one
comparison error in the mysasl_canon_user() function could lead to a
missing termination of an user name string.

This vulnerability could allow remote, attacker-supplied machine code
to be executed in the context of the affected server process. Since
the IMAP server usually runs as unprivileged user ‘cyrus’, there is no
possibility of root privilege escalation.

OSVersionArchitecturePackageVersionFilename
Ubuntu4.10noarchcyrus21-imapd< *UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	4.10	noarch	cyrus21-imapd	< *	UNKNOWN

References

ubuntu.com/security/CVE-2004-1067

7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.035 Low

EPSS

Percentile

91.5%

JSON

Related for USN-37-1