CVE-2004-1012
Published 2005-01-10
CVE-2004-1012: The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain…
Priority P338 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 5.95% (92.4th percentile)
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| conectiva | linux | — | — |
| conectiva | linux | — | — |
| debian | cyrus-imapd | < cyrus-imapd 1.5.19-20 (bookworm) | cyrus-imapd 1.5.19-20 (bookworm) |
| openpkg | openpkg | — | — |
| redhat | fedora_core | — | — |
| redhat | fedora_core | — | — |
| trustix | secure_linux | — | — |
| trustix | secure_linux | — | — |
| trustix | secure_linux | — | — |
| ubuntu | ubuntu_linux | — | — |
CVSS provenance
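| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | CRITICAL | — |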
Ubuntu
cyrus21-imapd vulnerabilities
vendor_ubuntu·2004-11-24
CVE-2004-1013 cyrus21-imapd vulnerabilities
Stefan Esser discovered several buffer overflows in the Cyrus IMAP
server. Due to insufficient checking within the argument parser of
the "partial" and "fetch" commands, an argument like "body[p" was
detected as "body.peek". This could cause a buffer overflow which
could be exploited to execute arbitrary attacker-supplied code.
This update also fixes an exploitable buffer overflow that could be
triggered in situations when memory allocation fails (i.e. when no
free memory is available any more).
Both vulnerabilities can lead to privilege escalation to root.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2004-1012: cyrus-imapd - The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlie...
vendor_debian·2004·CVSS 10.0
CVE-2004-1012 [CRITICAL] CVE-2004-1012: cyrus-imapd - The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlie...
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
Scope: local
bookworm: resolved (fixed in 1.5.19-20)
bullseye: resolved (fixed in 1.5.19-20)
forky: resolved (fixed in 1.5.19-20)
sid: resolved (fixed in 1.5.19-20)
trixie: resolved (fixed in 1.5.19-20)
GHSA
GHSA-6j99-5j9x-px72: The argument parser of the PARTIAL command in Cyrus IMAP Server 2
ghsa_unreviewed·2022-04-29
CVE-2004-1012 [HIGH] GHSA-6j99-5j9x-px72: The argument parser of the PARTIAL command in Cyrus IMAP Server 2
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
OSV
CVE-2004-1012: The argument parser of the PARTIAL command in Cyrus IMAP Server 2
osv·2005-01-10·CVSS 10.0
CVE-2004-1012 [CRITICAL] CVE-2004-1012: The argument parser of the PARTIAL command in Cyrus IMAP Server 2
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
References
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
http://marc.info/?l=bugtraq&m=110123023521619&w=2
http://secunia.com/advisories/13274/
http://security.e-matters.de/advisories/152004.html
http://security.gentoo.org/glsa/glsa-200411-34.xml
http://www.debian.org/security/2004/dsa-597
http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
https://exchange.xforce.ibmcloud.com/vulnerabilities/18199
https://www.ubuntu.com/usn/usn-31-1/