CVE-2004-1011

4 documents4 sources

Severity

10.0CRITICAL

EPSS

16.6%

top 5.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Carnegie Mellon University Cyrus Imap Server Conectiva Linux Openpkg Openpkg +3 more

Timeline

PublishedJan 10

Latest updateApr 29

Description

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDcarnegie_mellon_university/cyrus_imap_server13 versions+12

▶NVDconectiva/linux10.0, 9.0+1

▶NVDopenpkg/openpkgcurrent

▶NVDredhat/fedora_corecore_2.0, core_3.0+1

▶NVDtrustix/secure_linux2.0, 2.1, 2.2+2

Also affects: Ubuntu Linux 4.1

🔴Vulnerability Details

GHSA

GHSA-p2x5-gpg6-5r2r: Stack-based buffer overflow in Cyrus IMAP Server 2↗2022-04-29

▶

CVEList

CVE-2004-1011: Stack-based buffer overflow in Cyrus IMAP Server 2↗2004-12-01

▶

📋Vendor Advisories

Debian

CVE-2004-1011: cyrus-imapd - Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the i...↗2004

▶