CVE-2004-1015
published 2005-01-10
CVE-2004-1015: Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code…
Priority P336 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 5.18% (91.4th percentile)
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
Affected
28 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| conectiva | linux | — | — |
| conectiva | linux | — | — |
| debian | cyrus-imapd | — | — |
| openpkg | openpkg | — | — |
| redhat | fedora_core | — | — |
| redhat | fedora_core | — | — |
| trustix | secure_linux | — | — |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_debian · 10.0 · LOW
GHSA
GHSA-w423-76hx-v38v: Buffer overflow in proxyd for Cyrus IMAP Server 2
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-1015 [CRITICAL] GHSA-w423-76hx-v38v: Buffer overflow in proxyd for Cyrus IMAP Server 2
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
GHSA
GHSA-p2x5-gpg6-5r2r: Stack-based buffer overflow in Cyrus IMAP Server 2
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-1011 [CRITICAL] GHSA-p2x5-gpg6-5r2r: Stack-based buffer overflow in Cyrus IMAP Server 2
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
Debian
CVE-2004-1015: cyrus-imapd - Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imap...
vendor_debian·2004·CVSS 10.0
CVE-2004-1015 [CRITICAL] CVE-2004-1015: cyrus-imapd - Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imap...
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Debian
CVE-2004-1011: cyrus-imapd - Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the i...
vendor_debian·2004·CVSS 10.0
CVE-2004-1011 [CRITICAL] CVE-2004-1011: cyrus-imapd - Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the i...
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
http://security.gentoo.org/glsa/glsa-200411-34.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
https://exchange.xforce.ibmcloud.com/vulnerabilities/18274
Published: 2005-01-10