Vulnerabilities > CVE-2004-1011

047910
CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-487.NASL
    description: Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011, CVE-2004-1012, CVE-2004-1013, CVE-2004-1015. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15895
    published: 2004-12-02
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15895
    title: Fedora Core 3 : cyrus-imapd-2.2.10-1.fc3 (2004-487)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2004-487.
    #
    
    include("compat.inc");
    
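    # Registration pass: when the engine loads the script with `description`
    # set, only the metadata below is recorded and the script exits before any
    # host check runs.
    if (description)
    {
      script_id(15895);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:23");

      # CVE identifiers named in the advisory text below, registered as
      # structured references so that CVE-based searches and reports surface
      # this plugin; free text in the description is not machine-searchable.
      script_cve_id("CVE-2004-1011", "CVE-2004-1012", "CVE-2004-1013", "CVE-2004-1015");
      script_xref(name:"FEDORA", value:"2004-487");

      script_name(english:"Fedora Core 3 : cyrus-imapd-2.2.10-1.fc3 (2004-487)");
      script_summary(english:"Checks rpm output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix several buffer overflow problems that could be used as an exploit.
    Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012
    CVE-2004-1013 CVE-2004-1015
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-December/000462.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4d5096c6"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): severity is carried only by this coarse rating; no CVSS
      # vector is registered in this block.
      script_set_attribute(attribute:"risk_factor", value:"High");

      # "local": the plugin is declared as a host-side check; the keys required
      # further down are the host's release string and RPM list.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One CPE per package named by the advisory, plus the operating system.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-murder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-nntp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-Cyrus");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");

      script_set_attribute(attribute:"patch_publication_date", value:"2004/12/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/02");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");

      # Declares the script this plugin depends on and the knowledge-base keys
      # it requires: local-checks flag, release string and RPM list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }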
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host-side package audit. Each guard below hands control to audit() with
    # the matching status when a precondition is missing, so the package
    # comparison is reached only for a Fedora release 3 host with a collected
    # RPM list on a supported CPU.
    # NOTE(review): the verdict rests on package versions alone; nothing here
    # inspects the IMAP server's configuration or talks to the service.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
      audit(AUDIT_OS_NOT, "Fedora");

    # Extract the numeric release from the release string.
    fc_release_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(fc_release_match))
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = fc_release_match[1];

    # Accept "3" only when it is not followed by another digit.
    if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);

    # Only x86_64 and i386 through i686 are handled.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    # Every package from the advisory is compared against the same fixed build;
    # flag counts how many rpm_check() calls reported a hit.
    fc3_fixed_build = "-2.2.10-1.fc3";
    fc3_pkgs = make_list(
      "cyrus-imapd",
      "cyrus-imapd-devel",
      "cyrus-imapd-murder",
      "cyrus-imapd-nntp",
      "cyrus-imapd-utils",
      "perl-Cyrus"
    );

    flag = 0;
    foreach fc3_pkg (fc3_pkgs)
    {
      if (rpm_check(release:"FC3", reference:fc3_pkg + fc3_fixed_build))
        flag++;
    }

    if (!flag)
    {
      # Nothing flagged: report "not affected" when packages were tested,
      # otherwise "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-imapd / cyrus-imapd-devel / cyrus-imapd-murder / etc");
    }
    else
    {
      # At least one hit: raise the finding, with the RPM report attached when
      # report verbosity is above zero.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2004_043.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2004:043 (cyrus-imapd). Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an update is strongly recommended.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15923
    published: 2004-12-07
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15923
    title: SUSE-SA:2004:043: cyrus-imapd
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2004:043
    #
    
    
    # Stop silently when the engine does not provide the bn_random() built-in.
    # NOTE(review): presumably a capability/version gate for older engines - confirm.
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the script only records its
    # metadata (id, CVE references, texts, CVSS vector, family, dependencies)
    # and exits before the package checks further down.
    if(description)
    {
     script_id(15923);
     script_version ("1.10");
     # Structured CVE references for the three issues this advisory covers.
     script_cve_id("CVE-2004-1011", "CVE-2004-1012", "CVE-2004-1013");
     
     name["english"] = "SUSE-SA:2004:043: cyrus-imapd";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2004:043 (cyrus-imapd).
    
    
    Stefan Esser reported various bugs within the Cyrus IMAP Server.
    These include buffer overflows and out-of-bounds memory access
    which could allow remote attackers to execute arbitrary commands
    as root. The bugs occur in the pre-authentication phase, therefore
    an update is strongly recommended." );
     # The solution field carries only the advisory URL.
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/2004_43_cyrus_imapd.html" );
     # CVSS v2 vector: network access, low complexity, no authentication,
     # complete confidentiality / integrity / availability impact.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/07");
      script_cvs_date("Date: 2019/10/25 13:36:28");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the cyrus-imapd package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     # Declares the dependency script and the one KB key required here: the
     # SuSE RPM list.
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    # Raises the finding and ends the script when rpm_check() reports a hit for
    # the given package build on the given SUSE release.
    function suse_sa_2004_043_flag(ref, rel)
    {
     if (rpm_check(reference:ref, release:rel))
     {
      security_hole(0);
      exit(0);
     }
    }

    # Passes through rpm_exists() for any cyrus-imapd package on the given release.
    function suse_sa_2004_043_has_pkg(rel)
    {
     return rpm_exists(rpm:"cyrus-imapd-", release:rel);
    }

    # One reference build per supported SUSE release, checked in advisory order.
    # NOTE(review): the verdict rests on the package version alone; the server's
    # configuration is not examined.
    suse_sa_2004_043_flag(ref:"cyrus-imapd-2.1.16-56", rel:"SUSE8.1");
    suse_sa_2004_043_flag(ref:"cyrus-imapd-2.1.12-75", rel:"SUSE8.2");
    suse_sa_2004_043_flag(ref:"cyrus-imapd-2.1.15-89", rel:"SUSE9.0");
    suse_sa_2004_043_flag(ref:"cyrus-imapd-2.2.3-83.19", rel:"SUSE9.1");
    suse_sa_2004_043_flag(ref:"cyrus-imapd-2.2.8-6.3", rel:"SUSE9.2");

    # Reached only when none of the checks above flagged the host.
    # NOTE(review): the KB entries presumably record these CVEs as addressed so
    # other plugins can take that into account - confirm against their readers.
    if (suse_sa_2004_043_has_pkg(rel:"SUSE8.1")
     || suse_sa_2004_043_has_pkg(rel:"SUSE8.2")
     || suse_sa_2004_043_has_pkg(rel:"SUSE9.0")
     || suse_sa_2004_043_has_pkg(rel:"SUSE9.1")
     || suse_sa_2004_043_has_pkg(rel:"SUSE9.2"))
    {
     foreach suse_cve_key (make_list("CVE-2004-1011", "CVE-2004-1012", "CVE-2004-1013"))
      set_kb_item(name:suse_cve_key, value:TRUE);
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2004-139.NASL
    description: A number of vulnerabilities in the Cyrus-IMAP server were found by Stefan Esser. Due to insufficient checking within the argument parser of the …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15836
    published: 2004-11-26
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15836
    title: Mandrake Linux Security Advisory : cyrus-imapd (MDKSA-2004:139)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200411-34.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200411-34 (Cyrus IMAP Server: Multiple remote vulnerabilities). Multiple vulnerabilities have been discovered in the argument parsers of the …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15833
    published: 2004-11-25
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15833
    title: GLSA-200411-34 : Cyrus IMAP Server: Multiple remote vulnerabilities
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-489.NASL
    description: Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011, CVE-2004-1012, CVE-2004-1013, CVE-2004-1015. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15896
    published: 2004-12-02
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15896
    title: Fedora Core 2 : cyrus-imapd-2.2.10-1.fc2 (2004-489)
  • NASL family: Gain a shell remotely
    NASL id: CYRUS_IMAP_MULTIPLE_OVERFLOW.NASL
    description: According to its banner, the remote Cyrus IMAPD server is vulnerable to one pre-authentication buffer overflow, as well as three post-authentication buffer overflows. A remote attacker could exploit these issues to crash the server, or possibly execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15819
    published: 2004-11-23
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15819
    title: Cyrus IMAP Server < 2.2.10 Multiple Remote Overflows
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_816FDD8B3D1411D98818008088034841.NASL
    description: When the option imapmagicplus is activated on a server, the PROXY and LOGIN commands suffer a standard stack overflow, because the username is not checked against a maximum length when it is copied into a temporary stack buffer. This bug is especially dangerous because it can be triggered before any kind of authentication has taken place.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19004
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/19004
    title: FreeBSD : Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow (816fdd8b-3d14-11d9-8818-008088034841)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2005-003.NASL
    description: The remote host is missing Security Update 2005-003. This security update contains security fixes for the following applications: AFP Server, Bluetooth Setup Assistant, Core Foundation, Cyrus IMAP, Cyrus SASL, Folder Permissions, Mailman, Safari. These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17587
    published: 2005-03-21
    reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17587
    title: Mac OS X Multiple Vulnerabilities (Security Update 2005-003)