CVE-2004-1067

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:1.4:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:1.5.19:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

History

20 Nov 2024, 23:50

Type Values Removed Values Added
References () http://asg.web.cmu.edu/cyrus/download/imapd/changes.html - () http://asg.web.cmu.edu/cyrus/download/imapd/changes.html -
References () http://www.securityfocus.com/bid/11738 - Patch, Vendor Advisory () http://www.securityfocus.com/bid/11738 - Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/18333 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/18333 -
References () https://www.ubuntu.com/usn/usn-37-1/ - () https://www.ubuntu.com/usn/usn-37-1/ -

Information

Published : 2005-01-10 05:00

Updated : 2024-11-20 23:50


NVD link : CVE-2004-1067

Mitre link : CVE-2004-1067

CVE.ORG link : CVE-2004-1067


JSON object : View

Products Affected

carnegie_mellon_university

  • cyrus_imap_server

redhat

  • fedora_core

ubuntu

  • ubuntu_linux