CVE-2004-1011
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
Vulnerable Configurations
Nessus
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-487.NASL
- description: Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012 CVE-2004-1013 CVE-2004-1015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15895
- published: 2004-12-02
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15895
- title: Fedora Core 3 : cyrus-imapd-2.2.10-1.fc3 (2004-487)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2004-487.
#

include("compat.inc");

if (description)
{
  script_id(15895);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:23");

  script_xref(name:"FEDORA", value:"2004-487");

  script_name(english:"Fedora Core 3 : cyrus-imapd-2.2.10-1.fc3 (2004-487)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012 CVE-2004-1013 CVE-2004-1015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/announce/2004-December/000462.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4d5096c6"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-murder");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-nntp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-Cyrus");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC3", reference:"cyrus-imapd-2.2.10-1.fc3")) flag++;
if (rpm_check(release:"FC3", reference:"cyrus-imapd-devel-2.2.10-1.fc3")) flag++;
if (rpm_check(release:"FC3", reference:"cyrus-imapd-murder-2.2.10-1.fc3")) flag++;
if (rpm_check(release:"FC3", reference:"cyrus-imapd-nntp-2.2.10-1.fc3")) flag++;
if (rpm_check(release:"FC3", reference:"cyrus-imapd-utils-2.2.10-1.fc3")) flag++;
if (rpm_check(release:"FC3", reference:"perl-Cyrus-2.2.10-1.fc3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-imapd / cyrus-imapd-devel / cyrus-imapd-murder / etc");
}
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SA_2004_043.NASL
- description: The remote host is missing the patch for the advisory SUSE-SA:2004:043 (cyrus-imapd). Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an update is strongly recommended.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15923
- published: 2004-12-07
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15923
- title: SUSE-SA:2004:043: cyrus-imapd
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2004:043
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
  script_id(15923);
  script_version ("1.10");
  script_cve_id("CVE-2004-1011", "CVE-2004-1012", "CVE-2004-1013");

  name["english"] = "SUSE-SA:2004:043: cyrus-imapd";

  script_name(english:name["english"]);

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
  script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SUSE-SA:2004:043 (cyrus-imapd). Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an update is strongly recommended." );
  script_set_attribute(attribute:"solution", value:
"http://www.suse.de/security/2004_43_cyrus_imapd.html" );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/07");
  script_cvs_date("Date: 2019/10/25 13:36:28");
  script_end_attributes();

  summary["english"] = "Check for the version of the cyrus-imapd package";
  script_summary(english:summary["english"]);

  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  family["english"] = "SuSE Local Security Checks";
  script_family(english:family["english"]);

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/SuSE/rpm-list");
  exit(0);
}

include("rpm.inc");

if ( rpm_check( reference:"cyrus-imapd-2.1.16-56", release:"SUSE8.1") )
{
  security_hole(0);
  exit(0);
}
if ( rpm_check( reference:"cyrus-imapd-2.1.12-75", release:"SUSE8.2") )
{
  security_hole(0);
  exit(0);
}
if ( rpm_check( reference:"cyrus-imapd-2.1.15-89", release:"SUSE9.0") )
{
  security_hole(0);
  exit(0);
}
if ( rpm_check( reference:"cyrus-imapd-2.2.3-83.19", release:"SUSE9.1") )
{
  security_hole(0);
  exit(0);
}
if ( rpm_check( reference:"cyrus-imapd-2.2.8-6.3", release:"SUSE9.2") )
{
  security_hole(0);
  exit(0);
}
if (rpm_exists(rpm:"cyrus-imapd-", release:"SUSE8.1")
 || rpm_exists(rpm:"cyrus-imapd-", release:"SUSE8.2")
 || rpm_exists(rpm:"cyrus-imapd-", release:"SUSE9.0")
 || rpm_exists(rpm:"cyrus-imapd-", release:"SUSE9.1")
 || rpm_exists(rpm:"cyrus-imapd-", release:"SUSE9.2") )
{
  set_kb_item(name:"CVE-2004-1011", value:TRUE);
  set_kb_item(name:"CVE-2004-1012", value:TRUE);
  set_kb_item(name:"CVE-2004-1013", value:TRUE);
}
```

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2004-139.NASL
- description: A number of vulnerabilities in the Cyrus-IMAP server were found by Stefan Esser. Due to insufficient checking within the argument parser of the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15836
- published: 2004-11-26
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15836
- title: Mandrake Linux Security Advisory : cyrus-imapd (MDKSA-2004:139)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200411-34.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200411-34 (Cyrus IMAP Server: Multiple remote vulnerabilities) Multiple vulnerabilities have been discovered in the argument parsers of the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15833
- published: 2004-11-25
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15833
- title: GLSA-200411-34 : Cyrus IMAP Server: Multiple remote vulnerabilities

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-489.NASL
- description: Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012 CVE-2004-1013 CVE-2004-1015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15896
- published: 2004-12-02
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15896
- title: Fedora Core 2 : cyrus-imapd-2.2.10-1.fc2 (2004-489)

- NASL family: Gain a shell remotely
- NASL id: CYRUS_IMAP_MULTIPLE_OVERFLOW.NASL
- description: According to its banner, the remote Cyrus IMAPD server is vulnerable to one pre-authentication buffer overflow, as well as three post-authentication buffer overflows. A remote attacker could exploit these issues to crash the server, or possibly execute arbitrary code.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15819
- published: 2004-11-23
- reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15819
- title: Cyrus IMAP Server < 2.2.10 Multiple Remote Overflows

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_816FDD8B3D1411D98818008088034841.NASL
- description: When the option imapmagicplus is activated on a server the PROXY and LOGIN commands suffer a standard stack overflow, because the username is not checked against a maximum length when it is copied into a temporary stack buffer. This bug is especially dangerous because it can be triggered before any kind of authentication took place.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19004
- published: 2005-07-13
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/19004
- title: FreeBSD : Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow (816fdd8b-3d14-11d9-8818-008088034841)

- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_SECUPD2005-003.NASL
- description: The remote host is missing Security Update 2005-003. This security update contains security fixes for the following applications: AFP Server, Bluetooth Setup Assistant, Core Foundation, Cyrus IMAP, Cyrus SASL, Folder Permissions, Mailman, Safari. These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 17587
- published: 2005-03-21
- reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/17587
- title: Mac OS X Multiple Vulnerabilities (Security Update 2005-003)

References
- http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143
- http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
- http://marc.info/?l=bugtraq&m=110123023521619&w=2
- http://secunia.com/advisories/13274/
- http://security.e-matters.de/advisories/152004.html
- http://security.gentoo.org/glsa/glsa-200411-34.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18198