Summary
| Detail | |||
|---|---|---|---|
| Vendor | Carnegie Mellon University | First view | 2005-01-10 |
| Product | Cyrus Imap Server | Last view | 2005-01-10 |
| Version | 2.2.3 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 10 | 2005-01-10 | CVE-2004-1067 | Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username. |
| 10 | 2005-01-10 | CVE-2004-1015 | Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011. |
| 10 | 2005-01-10 | CVE-2004-1013 | The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption. |
| 10 | 2005-01-10 | CVE-2004-1012 | The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption. |
| 10 | 2005-01-10 | CVE-2004-1011 | Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015. |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 12348 | Cyrus IMAP Server mysasl_canon_user() Function Remote Overflow |
| 12290 | Cyrus IMAP imapmagicplus proxyd Overflow |
| 12098 | Cyrus IMAP Server FETCH Command Partial Argument Remote Overflow |
| 12097 | Cyrus IMAP Server Partial Command Argument Parser Remote Overflow |
| 12096 | Cyrus IMAP Server IMAPMAGICPLUS Option Pre-Authentication Remote Overflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd) File : nvt/glsa_200411_34.nasl |
| 2008-09-04 | Name : FreeBSD Ports: cyrus-imapd File : nvt/freebsd_cyrus-imapd0.nasl |
| 2008-09-04 | Name : FreeBSD Ports: cyrus-imapd File : nvt/freebsd_cyrus-imapd1.nasl |
| 2008-09-04 | Name : FreeBSD Ports: cyrus-imapd File : nvt/freebsd_cyrus-imapd2.nasl |
| 2008-09-04 | Name : FreeBSD Ports: cyrus-imapd File : nvt/freebsd_cyrus-imapd3.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 597-1 (cyrus-imapd) File : nvt/deb_597_1.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | login buffer overflow attempt RuleID : 1842-community - Type : PROTOCOL-IMAP - Revision : 34 |
| 2014-01-10 | login buffer overflow attempt RuleID : 1842 - Type : PROTOCOL-IMAP - Revision : 34 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-31-1.nasl - Type: ACT_GATHER_INFO |
| 2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-37-1.nasl - Type: ACT_GATHER_INFO |
| 2005-07-13 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_114d70f33d1611d98818008088034841.nasl - Type: ACT_GATHER_INFO |
| 2005-07-13 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_816fdd8b3d1411d98818008088034841.nasl - Type: ACT_GATHER_INFO |
| 2005-07-13 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_c0a269d53d1611d98818008088034841.nasl - Type: ACT_GATHER_INFO |
| 2005-03-21 | Name: The remote host is missing a Mac OS X update that fixes a security issue. File: macosx_SecUpd2005-003.nasl - Type: ACT_GATHER_INFO |
| 2004-12-07 | Name: The remote host is missing a vendor-supplied security patch File: suse_SA_2004_043.nasl - Type: ACT_GATHER_INFO |
| 2004-12-02 | Name: The remote Fedora Core host is missing a security update. File: fedora_2004-487.nasl - Type: ACT_GATHER_INFO |
| 2004-12-02 | Name: The remote Fedora Core host is missing a security update. File: fedora_2004-489.nasl - Type: ACT_GATHER_INFO |
| 2004-11-26 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2004-139.nasl - Type: ACT_GATHER_INFO |
| 2004-11-25 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-597.nasl - Type: ACT_GATHER_INFO |
| 2004-11-25 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200411-34.nasl - Type: ACT_GATHER_INFO |
| 2004-11-23 | Name: The remote IMAP server has multiple buffer overflow vulnerabilities. File: cyrus_imap_multiple_overflow.nasl - Type: ACT_GATHER_INFO |
