CVE-2004-1067

4 documents4 sources

Severity

10.0CRITICAL

EPSS

5.5%

top 9.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Carnegie Mellon University Cyrus Imap Server Redhat Fedora Core Ubuntu Ubuntu Linux

Timeline

PublishedJan 10

Latest updateApr 29

Description

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDcarnegie_mellon_university/cyrus_imap_server18 versions+17

▶NVDredhat/fedora_corecore_2.0, core_3.0+1

Also affects: Ubuntu Linux 4.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-5mmh-rg36-rhxw: Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2↗2022-04-29

▶

CVEList

CVE-2004-1067: Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2↗2004-12-10

▶

📋Vendor Advisories

Ubuntu

cyrus21-imapd vulnerability↗2004-12-02

▶