Vulnerabilities > CVE-2004-1011

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

carnegie-mellon-university

critical

nessus

NVD

Published: 2005-01-10

Updated: 2017-07-11

Summary

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

Vulnerable Configurations

Part	Description	Count
Application	Carnegie_Mellon_University Carnegie Mellon University Cyrus Imap Server 2.1.7 Carnegie Mellon University Cyrus Imap Server 2.1.9 Carnegie Mellon University Cyrus Imap Server 2.1.10 Carnegie Mellon University Cyrus Imap Server 2.1.16 Carnegie Mellon University Cyrus Imap Server 2.2.0_Alpha Carnegie Mellon University Cyrus Imap Server 2.2.1_Beta Carnegie Mellon University Cyrus Imap Server 2.2.2_Beta Carnegie Mellon University Cyrus Imap Server 2.2.3 Carnegie Mellon University Cyrus Imap Server 2.2.4 Carnegie Mellon University Cyrus Imap Server 2.2.5 Carnegie Mellon University Cyrus Imap Server 2.2.6 Carnegie Mellon University Cyrus Imap Server 2.2.7 Carnegie Mellon University Cyrus Imap Server 2.2.8	13
Application	Openpkg Openpkg Openpkg Current	1
OS	Conectiva Conectiva Linux 9.0 Conectiva Linux 10.0	2
OS	Redhat Redhat Fedora Core Core_2.0 Redhat Fedora Core Core_3.0	2
OS	Trustix Trustix Secure Linux 2.0 Trustix Secure Linux 2.1 Trustix Secure Linux 2.2	3
OS	Ubuntu Ubuntu Ubuntu Linux 4.1	2

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2004-487.NASL
description	Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012 CVE-2004-1013 CVE-2004-1015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	15895
published	2004-12-02
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15895
title	Fedora Core 3 : cyrus-imapd-2.2.10-1.fc3 (2004-487)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2004-487. # include("compat.inc"); if (description) { script_id(15895); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_xref(name:"FEDORA", value:"2004-487"); script_name(english:"Fedora Core 3 : cyrus-imapd-2.2.10-1.fc3 (2004-487)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012 CVE-2004-1013 CVE-2004-1015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2004-December/000462.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4d5096c6" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-murder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-nntp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-Cyrus"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^3([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC3", reference:"cyrus-imapd-2.2.10-1.fc3")) flag++; if (rpm_check(release:"FC3", reference:"cyrus-imapd-devel-2.2.10-1.fc3")) flag++; if (rpm_check(release:"FC3", reference:"cyrus-imapd-murder-2.2.10-1.fc3")) flag++; if (rpm_check(release:"FC3", reference:"cyrus-imapd-nntp-2.2.10-1.fc3")) flag++; if (rpm_check(release:"FC3", reference:"cyrus-imapd-utils-2.2.10-1.fc3")) flag++; if (rpm_check(release:"FC3", reference:"perl-Cyrus-2.2.10-1.fc3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-imapd / cyrus-imapd-devel / cyrus-imapd-murder / etc"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SA_2004_043.NASL
description	The remote host is missing the patch for the advisory SUSE-SA:2004:043 (cyrus-imapd). Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an update is strongly recommended.
last seen	2020-06-01
modified	2020-06-02
plugin id	15923
published	2004-12-07
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15923
title	SUSE-SA:2004:043: cyrus-imapd
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2004:043 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(15923); script_version ("1.10"); script_cve_id("CVE-2004-1011", "CVE-2004-1012", "CVE-2004-1013"); name["english"] = "SUSE-SA:2004:043: cyrus-imapd"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2004:043 (cyrus-imapd). Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an update is strongly recommended." ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/2004_43_cyrus_imapd.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/07"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_end_attributes(); summary["english"] = "Check for the version of the cyrus-imapd package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"cyrus-imapd-2.1.16-56", release:"SUSE8.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cyrus-imapd-2.1.12-75", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cyrus-imapd-2.1.15-89", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cyrus-imapd-2.2.3-83.19", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"cyrus-imapd-2.2.8-6.3", release:"SUSE9.2") ) { security_hole(0); exit(0); } if (rpm_exists(rpm:"cyrus-imapd-", release:"SUSE8.1") \|\| rpm_exists(rpm:"cyrus-imapd-", release:"SUSE8.2") \|\| rpm_exists(rpm:"cyrus-imapd-", release:"SUSE9.0") \|\| rpm_exists(rpm:"cyrus-imapd-", release:"SUSE9.1") \|\| rpm_exists(rpm:"cyrus-imapd-", release:"SUSE9.2") ) { set_kb_item(name:"CVE-2004-1011", value:TRUE); set_kb_item(name:"CVE-2004-1012", value:TRUE); set_kb_item(name:"CVE-2004-1013", value:TRUE); }

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2004-139.NASL
description	A number of vulnerabilities in the Cyrus-IMAP server were found by Stefan Esser. Due to insufficient checking within the argument parser of the
last seen	2020-06-01
modified	2020-06-02
plugin id	15836
published	2004-11-26
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15836
title	Mandrake Linux Security Advisory : cyrus-imapd (MDKSA-2004:139)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200411-34.NASL
description	The remote host is affected by the vulnerability described in GLSA-200411-34 (Cyrus IMAP Server: Multiple remote vulnerabilities) Multiple vulnerabilities have been discovered in the argument parsers of the
last seen	2020-06-01
modified	2020-06-02
plugin id	15833
published	2004-11-25
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15833
title	GLSA-200411-34 : Cyrus IMAP Server: Multiple remote vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2004-489.NASL
description	Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012 CVE-2004-1013 CVE-2004-1015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	15896
published	2004-12-02
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15896
title	Fedora Core 2 : cyrus-imapd-2.2.10-1.fc2 (2004-489)

NASL family	Gain a shell remotely
NASL id	CYRUS_IMAP_MULTIPLE_OVERFLOW.NASL
description	According to its banner, the remote Cyrus IMAPD server is vulnerable to one pre-authentication buffer overflow, as well as three post- authentication buffer overflows. A remote attacker could exploit these issues to crash the server, or possibly execute arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	15819
published	2004-11-23
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15819
title	Cyrus IMAP Server < 2.2.10 Multiple Remote Overflows

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_816FDD8B3D1411D98818008088034841.NASL
description	When the option imapmagicplus is activated on a server the PROXY and LOGIN commands suffer a standard stack overflow, because the username is not checked against a maximum length when it is copied into a temporary stack buffer. This bug is especially dangerous because it can be triggered before any kind of authentification took place.
last seen	2020-06-01
modified	2020-06-02
plugin id	19004
published	2005-07-13
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/19004
title	FreeBSD : Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow (816fdd8b-3d14-11d9-8818-008088034841)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2005-003.NASL
description	The remote host is missing Security Update 2005-003. This security update contains security fixes for the following applications : - AFP Server - Bluetooth Setup Assistant - Core Foundation - Cyrus IMAP - Cyrus SASL - Folder Permissions - Mailman - Safari These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	17587
published	2005-03-21
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17587
title	Mac OS X Multiple Vulnerabilities (Security Update 2005-003)

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.