FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-1012

This CVE name corresponds to:

Entered Topic
2004-11-22 Cyrus IMAPd -- PARTIAL command out of bounds memory corruption

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2004-1012
Phase Assigned (20041104)

Description

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.

References

Source Reference
BUGTRAQ 20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities
MISC http://security.e-matters.de/advisories/152004.html
MLIST [cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released
CONFIRM http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
DEBIAN DSA-597
GENTOO GLSA-200411-34
MANDRAKE MDKSA-2004:139
UBUNTU USN-31-1
XF cyrus-imap-commands-execute-code(18199)
SECUNIA 13274