CVE-2004-1013
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.
El procesador de argumentos de la orden FETCH de Cyrus IMAP Server 2.2.x a 2.2.8 permite a usuarios remotos autenticados ejecutar código de su elección mediante ciertos comandos como (1) "body[p", (2) "binary[p", o (3) "binary[p" que producen un error de incremento de índice que conduce a una corrupción de memoria fuera de límites.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-11-04 CVE Reserved
- 2004-11-24 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143 | Mailing List | |
| http://asg.web.cmu.edu/cyrus/download/imapd/changes.html | X_refsource_confirm | |
| http://marc.info/?l=bugtraq&m=110123023521619&w=2 | Mailing List | |
| http://secunia.com/advisories/13274 | Third Party Advisory | |
| http://security.e-matters.de/advisories/152004.html | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2004/dsa-597 | 2016-12-08 |
| URL | Date | SRC |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200411-34.xml | 2016-12-08 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2004:139 | 2016-12-08 | |
| https://www.ubuntu.com/usn/usn-31-1 | 2016-12-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.1.7 Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.1.7" | - |
Affected
| ||||||
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.1.9 Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.1.9" | - |
Affected
| ||||||
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.1.10 Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.1.10" | - |
Affected
| ||||||
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.1.16 Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.1.16" | - |
Affected
| ||||||
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.2.0_alpha Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.2.0_alpha" | - |
Affected
| ||||||
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.2.1_beta Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.2.1_beta" | - |
Affected
| ||||||
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.2.2_beta Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.2.2_beta" | - |
Affected
| ||||||
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.2.3 Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.2.3" | - |
Affected
| ||||||
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.2.4 Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.2.4" | - |
Affected
| ||||||
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.2.5 Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.2.5" | - |
Affected
| ||||||
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.2.6 Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.2.6" | - |
Affected
| ||||||
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.2.7 Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.2.7" | - |
Affected
| ||||||
| Carnegie Mellon University Search vendor "Carnegie Mellon University" | Cyrus Imap Server Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" | 2.2.8 Search vendor "Carnegie Mellon University" for product "Cyrus Imap Server" and version "2.2.8" | - |
Affected
| ||||||
| Openpkg Search vendor "Openpkg" | Openpkg Search vendor "Openpkg" for product "Openpkg" | current Search vendor "Openpkg" for product "Openpkg" and version "current" | - |
Affected
| ||||||
| Conectiva Search vendor "Conectiva" | Linux Search vendor "Conectiva" for product "Linux" | 9.0 Search vendor "Conectiva" for product "Linux" and version "9.0" | - |
Affected
| ||||||
| Conectiva Search vendor "Conectiva" | Linux Search vendor "Conectiva" for product "Linux" | 10.0 Search vendor "Conectiva" for product "Linux" and version "10.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Fedora Core Search vendor "Redhat" for product "Fedora Core" | core_2.0 Search vendor "Redhat" for product "Fedora Core" and version "core_2.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Fedora Core Search vendor "Redhat" for product "Fedora Core" | core_3.0 Search vendor "Redhat" for product "Fedora Core" and version "core_3.0" | - |
Affected
| ||||||
| Trustix Search vendor "Trustix" | Secure Linux Search vendor "Trustix" for product "Secure Linux" | 2.0 Search vendor "Trustix" for product "Secure Linux" and version "2.0" | - |
Affected
| ||||||
| Trustix Search vendor "Trustix" | Secure Linux Search vendor "Trustix" for product "Secure Linux" | 2.1 Search vendor "Trustix" for product "Secure Linux" and version "2.1" | - |
Affected
| ||||||
| Trustix Search vendor "Trustix" | Secure Linux Search vendor "Trustix" for product "Secure Linux" | 2.2 Search vendor "Trustix" for product "Secure Linux" and version "2.2" | - |
Affected
| ||||||
| Ubuntu Search vendor "Ubuntu" | Ubuntu Linux Search vendor "Ubuntu" for product "Ubuntu Linux" | 4.1 Search vendor "Ubuntu" for product "Ubuntu Linux" and version "4.1" | ia64 |
Affected
| ||||||
| Ubuntu Search vendor "Ubuntu" | Ubuntu Linux Search vendor "Ubuntu" for product "Ubuntu Linux" | 4.1 Search vendor "Ubuntu" for product "Ubuntu Linux" and version "4.1" | ppc |
Affected
| ||||||