Executive Summary
Summary | |
---|---|
Title | New cyrus-imapd packages fix arbitrary code execution |
Information | |||
---|---|---|---|
Name | DSA-597 | First vendor Publication | 2004-11-25 |
Vendor | Debian | Last vendor Modification | 2004-11-25 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Stefan Esser discovered several security-related problems in the Cyrus IMAP daemon. Due to a bug in the command parser, it is possible to access memory beyond the allocated buffer in two places, which could lead to the execution of arbitrary code. For the stable distribution (woody) these problems have been fixed in version 1.5.19-9.2. For the unstable distribution (sid) these problems have been fixed in version 2.1.17-1. We recommend that you upgrade your cyrus-imapd package immediately. |
Original Source
Url : http://www.debian.org/security/2004/dsa-597 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd) File : nvt/glsa_200411_34.nasl |
2008-09-04 | Name : FreeBSD Ports: cyrus-imapd File : nvt/freebsd_cyrus-imapd0.nasl |
2008-09-04 | Name : FreeBSD Ports: cyrus-imapd File : nvt/freebsd_cyrus-imapd1.nasl |
2008-09-04 | Name : FreeBSD Ports: cyrus-imapd File : nvt/freebsd_cyrus-imapd2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 597-1 (cyrus-imapd) File : nvt/deb_597_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
12098 | Cyrus IMAP Server FETCH Command Partial Argument Remote Overflow: A remote overflow exists in Cyrus IMAP. The IMAP server incorrectly processes partial FETCH command arguments, resulting in an off-by-one heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity. |
12097 | Cyrus IMAP Server Partial Command Argument Parser Remote Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-31-1.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_114d70f33d1611d98818008088034841.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c0a269d53d1611d98818008088034841.nasl - Type : ACT_GATHER_INFO |
2005-03-21 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2005-003.nasl - Type : ACT_GATHER_INFO |
2004-12-07 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_043.nasl - Type : ACT_GATHER_INFO |
2004-12-02 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-487.nasl - Type : ACT_GATHER_INFO |
2004-12-02 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-489.nasl - Type : ACT_GATHER_INFO |
2004-11-26 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-139.nasl - Type : ACT_GATHER_INFO |
2004-11-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-597.nasl - Type : ACT_GATHER_INFO |
2004-11-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200411-34.nasl - Type : ACT_GATHER_INFO |
2004-11-23 | Name : The remote IMAP server has multiple buffer overflow vulnerabilities. File : cyrus_imap_multiple_overflow.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:33:37 |