Vulnerabilities > CVE-2004-1015

CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
carnegie-mellon-university
redhat
ubuntu
critical
nessus

Summary

Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-487.NASL
    description: Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012 CVE-2004-1013 CVE-2004-1015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15895
    published: 2004-12-02
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15895
    title: Fedora Core 3 : cyrus-imapd-2.2.10-1.fc3 (2004-487)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2004-487.
    #
    
    include("compat.inc");
    
    # Description mode: when `description` is true, this block only registers the
    # plugin's metadata and then exits (exit(0) at the end) without testing the
    # host. `description` is not assigned anywhere in this script; presumably the
    # scanner engine sets it -- confirm.
    # NOTE(review): no script_cve_id() call appears in this block, so the four
    # CVE ids are carried only in the free-text "description" attribute.
    if (description)
    {
      script_id(15895);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      # Cross-reference to the vendor advisory this plugin was generated from.
      script_xref(name:"FEDORA", value:"2004-487");
    
      script_name(english:"Fedora Core 3 : cyrus-imapd-2.2.10-1.fc3 (2004-487)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      # The description is the advisory text as extracted by Tenable; it names the
      # CVEs but says nothing about which daemon or option each one needs.
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix several buffer overflow problems that could be used as an exploit.
    Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012
    CVE-2004-1013 CVE-2004-1015
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-December/000462.html
      # The value below is a shortened nessus.org link over plain http; the URL on
      # the line above is the original's own note and appears to record its
      # target -- confirm before following the short link.
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4d5096c6"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): this plugin-level rating ("High") differs from the
      # CVSS 10.0 - CRITICAL shown for CVE-2004-1015 on the page that embeds this
      # listing; confirm which of the two your triage relies on.
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      # "local": the verdict comes from package data collected on the host, not
      # from probing the IMAP service over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One CPE per package covered by the advisory, plus the OS release.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-murder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-nntp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-Cyrus");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/12/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # The check body reads the three KB keys listed here. They are presumably
      # filled in by ssh_get_info.nasl during a credentialed scan -- confirm.
      # Without credentials, an absent result from this plugin therefore says
      # nothing about the host's patch state.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions. Each failed gate ends in audit(); the statements after a gate
    # are written on the assumption that audit() does not return (os_ver is
    # indexed right after its null check), so the order of the gates decides
    # which audit reason is recorded.
    
    # Gate 1: local checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    
    # Gate 2: the stored release string must exist and mention Fedora.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }
    
    # Gate 3: extract the numeric release and require it to be exactly 3.
    ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(ver_match))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    os_ver = ver_match[1];
    if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);
    }
    
    # Gate 4: a package list must have been collected.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    # Gate 5: only x86_64 and i386..i686 are handled; any other architecture is
    # audited out as "not implemented" rather than reported as unaffected.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }
    
    # Package comparison and verdict.
    # rpm_check() comes from rpm.inc and is not shown here; this script only
    # counts how many of the six calls return true. Every reference is checked
    # (no early exit), in the same order as the advisory's package list.
    # NOTE(review): the verdict rests on package versions alone. Nothing in this
    # script reads the Cyrus configuration, so a finding does not show that
    # proxyd is in use or that imapmagicplus is enabled -- the conditions the
    # CVE-2004-1015 summary names.
    flag = 0;
    fixed_pkgs = make_list(
      "cyrus-imapd-2.2.10-1.fc3",
      "cyrus-imapd-devel-2.2.10-1.fc3",
      "cyrus-imapd-murder-2.2.10-1.fc3",
      "cyrus-imapd-nntp-2.2.10-1.fc3",
      "cyrus-imapd-utils-2.2.10-1.fc3",
      "perl-Cyrus-2.2.10-1.fc3"
    );
    foreach fixed_pkg (fixed_pkgs)
    {
      if (rpm_check(release:"FC3", reference:fixed_pkg)) flag++;
    }
    
    
    if (!flag)
    {
      # Nothing flagged: record whether the packages were tested and found
      # unaffected, or were not installed at all.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-imapd / cyrus-imapd-devel / cyrus-imapd-murder / etc");
    }
    else
    {
      # At least one package was flagged: raise the finding on port 0, attaching
      # the rpm report text only when report verbosity is above zero.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2004-139.NASL
    description: A number of vulnerabilities in the Cyrus-IMAP server were found by Stefan Esser. Due to insufficient checking within the argument parser of the [truncated]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15836
    published: 2004-11-26
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15836
    title: Mandrake Linux Security Advisory : cyrus-imapd (MDKSA-2004:139)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200411-34.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200411-34 (Cyrus IMAP Server: Multiple remote vulnerabilities) Multiple vulnerabilities have been discovered in the argument parsers of the [truncated]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15833
    published: 2004-11-25
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15833
    title: GLSA-200411-34 : Cyrus IMAP Server: Multiple remote vulnerabilities
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-489.NASL
    description: Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012 CVE-2004-1013 CVE-2004-1015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15896
    published: 2004-12-02
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15896
    title: Fedora Core 2 : cyrus-imapd-2.2.10-1.fc2 (2004-489)
  • NASL family: Gain a shell remotely
    NASL id: CYRUS_IMAP_MULTIPLE_OVERFLOW.NASL
    description: According to its banner, the remote Cyrus IMAPD server is vulnerable to one pre-authentication buffer overflow, as well as three post-authentication buffer overflows. A remote attacker could exploit these issues to crash the server, or possibly execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15819
    published: 2004-11-23
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15819
    title: Cyrus IMAP Server < 2.2.10 Multiple Remote Overflows
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2005-003.NASL
    description: The remote host is missing Security Update 2005-003. This security update contains security fixes for the following applications: AFP Server, Bluetooth Setup Assistant, Core Foundation, Cyrus IMAP, Cyrus SASL, Folder Permissions, Mailman, Safari. These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17587
    published: 2005-03-21
    reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17587
    title: Mac OS X Multiple Vulnerabilities (Security Update 2005-003)