Vulnerabilities > CVE-2004-1015
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
Vulnerable Configurations
Nessus
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-487.NASL
- description: Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012 CVE-2004-1013 CVE-2004-1015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15895
- published: 2004-12-02
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15895
- title: Fedora Core 3 : cyrus-imapd-2.2.10-1.fc3 (2004-487)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2004-487.
#

include("compat.inc");

if (description)
{
  script_id(15895);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:23");

  script_xref(name:"FEDORA", value:"2004-487");

  script_name(english:"Fedora Core 3 : cyrus-imapd-2.2.10-1.fc3 (2004-487)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012 CVE-2004-1013 CVE-2004-1015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/announce/2004-December/000462.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4d5096c6"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-murder");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-nntp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-Cyrus");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC3", reference:"cyrus-imapd-2.2.10-1.fc3")) flag++;
if (rpm_check(release:"FC3", reference:"cyrus-imapd-devel-2.2.10-1.fc3")) flag++;
if (rpm_check(release:"FC3", reference:"cyrus-imapd-murder-2.2.10-1.fc3")) flag++;
if (rpm_check(release:"FC3", reference:"cyrus-imapd-nntp-2.2.10-1.fc3")) flag++;
if (rpm_check(release:"FC3", reference:"cyrus-imapd-utils-2.2.10-1.fc3")) flag++;
if (rpm_check(release:"FC3", reference:"perl-Cyrus-2.2.10-1.fc3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-imapd / cyrus-imapd-devel / cyrus-imapd-murder / etc");
}
```

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2004-139.NASL
- description: A number of vulnerabilities in the Cyrus-IMAP server were found by Stefan Esser. Due to insufficient checking within the argument parser of the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15836
- published: 2004-11-26
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15836
- title: Mandrake Linux Security Advisory : cyrus-imapd (MDKSA-2004:139)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200411-34.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200411-34 (Cyrus IMAP Server: Multiple remote vulnerabilities) Multiple vulnerabilities have been discovered in the argument parsers of the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15833
- published: 2004-11-25
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15833
- title: GLSA-200411-34 : Cyrus IMAP Server: Multiple remote vulnerabilities

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-489.NASL
- description: Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisories: CVE-2004-1011 CVE-2004-1012 CVE-2004-1013 CVE-2004-1015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15896
- published: 2004-12-02
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15896
- title: Fedora Core 2 : cyrus-imapd-2.2.10-1.fc2 (2004-489)

- NASL family: Gain a shell remotely
- NASL id: CYRUS_IMAP_MULTIPLE_OVERFLOW.NASL
- description: According to its banner, the remote Cyrus IMAPD server is vulnerable to one pre-authentication buffer overflow, as well as three post-authentication buffer overflows. A remote attacker could exploit these issues to crash the server, or possibly execute arbitrary code.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15819
- published: 2004-11-23
- reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15819
- title: Cyrus IMAP Server < 2.2.10 Multiple Remote Overflows

- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_SECUPD2005-003.NASL
- description: The remote host is missing Security Update 2005-003. This security update contains security fixes for the following applications:
  - AFP Server
  - Bluetooth Setup Assistant
  - Core Foundation
  - Cyrus IMAP
  - Cyrus SASL
  - Folder Permissions
  - Mailman
  - Safari

  These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 17587
- published: 2005-03-21
- reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/17587
- title: Mac OS X Multiple Vulnerabilities (Security Update 2005-003)

References
- http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145
- http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
- http://security.gentoo.org/glsa/glsa-200411-34.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:139
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18274