Executive Summary
Summary | |
---|---|
Title | cyrus21-imapd vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-31-1 | First vendor Publication | 2004-11-23 |
Vendor | Ubuntu | Last vendor Modification | 2004-11-23 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

cyrus21-imapd

The problem can be corrected by upgrading the affected package to version 2.1.16-6ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Stefan Esser discovered several buffer overflows in the Cyrus IMAP server. Due to insufficient checking within the argument parser of the "partial" and "fetch" commands, an argument like "body[p" was detected as "body.peek". This could cause a buffer overflow which could be exploited to execute arbitrary attacker-supplied code.

This update also fixes an exploitable buffer overflow that could be triggered in situations when memory allocation fails (i.e. when no free memory is available any more). Both vulnerabilities can lead to privilege escalation to root.
Original Source
Url : http://www.ubuntu.com/usn/USN-31-1 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd) File : nvt/glsa_200411_34.nasl |
2008-09-04 | Name : FreeBSD Ports: cyrus-imapd File : nvt/freebsd_cyrus-imapd0.nasl |
2008-09-04 | Name : FreeBSD Ports: cyrus-imapd File : nvt/freebsd_cyrus-imapd1.nasl |
2008-09-04 | Name : FreeBSD Ports: cyrus-imapd File : nvt/freebsd_cyrus-imapd2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 597-1 (cyrus-imapd) File : nvt/deb_597_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
12098 | Cyrus IMAP Server FETCH Command Partial Argument Remote Overflow: A remote overflow exists in Cyrus IMAP. The IMAP server incorrectly processes partial FETCH command arguments, resulting in an off-by-one heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity. |
12097 | Cyrus IMAP Server Partial Command Argument Parser Remote Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-31-1.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_114d70f33d1611d98818008088034841.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c0a269d53d1611d98818008088034841.nasl - Type : ACT_GATHER_INFO |
2005-03-21 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2005-003.nasl - Type : ACT_GATHER_INFO |
2004-12-07 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_043.nasl - Type : ACT_GATHER_INFO |
2004-12-02 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-487.nasl - Type : ACT_GATHER_INFO |
2004-12-02 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-489.nasl - Type : ACT_GATHER_INFO |
2004-11-26 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-139.nasl - Type : ACT_GATHER_INFO |
2004-11-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-597.nasl - Type : ACT_GATHER_INFO |
2004-11-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200411-34.nasl - Type : ACT_GATHER_INFO |
2004-11-23 | Name : The remote IMAP server has multiple buffer overflow vulnerabilities. File : cyrus_imap_multiple_overflow.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:03:35 |