Description
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
Affected products
- carnegie_mellon_university / cyrus_imap_server1.4 – 1.4
- carnegie_mellon_university / cyrus_imap_server1.5.19 – 1.5.19
- carnegie_mellon_university / cyrus_imap_server2.0.12 – 2.0.12
- carnegie_mellon_university / cyrus_imap_server2.0.16 – 2.0.16
- carnegie_mellon_university / cyrus_imap_server2.1.7 – 2.1.7
- carnegie_mellon_university / cyrus_imap_server2.1.9 – 2.1.9
- carnegie_mellon_university / cyrus_imap_server2.1.10 – 2.1.10
- carnegie_mellon_university / cyrus_imap_server2.1.16 – 2.1.16
- carnegie_mellon_university / cyrus_imap_server2.2.0_alpha – 2.2.0_alpha
- carnegie_mellon_university / cyrus_imap_server2.2.1_beta – 2.2.1_beta
- carnegie_mellon_university / cyrus_imap_server2.2.2_beta – 2.2.2_beta
- carnegie_mellon_university / cyrus_imap_server2.2.3 – 2.2.3
- carnegie_mellon_university / cyrus_imap_server2.2.4 – 2.2.4
- carnegie_mellon_university / cyrus_imap_server2.2.5 – 2.2.5
- carnegie_mellon_university / cyrus_imap_server2.2.6 – 2.2.6
- carnegie_mellon_university / cyrus_imap_server2.2.7 – 2.2.7
- carnegie_mellon_university / cyrus_imap_server2.2.8 – 2.2.8
- carnegie_mellon_university / cyrus_imap_server2.2.9 – 2.2.9
- RedHat / fedora_corecore_2.0 – core_2.0
- RedHat / fedora_corecore_3.0 – core_3.0
- Ubuntu / ubuntu_linux4.1 – 4.1
- Ubuntu / ubuntu_linux4.1 – 4.1
References
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18274
- MISChttp://asg.web.cmu.edu/cyrus/download/imapd/changes.html
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2004:139
- MISChttp://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145
- MISChttp://security.gentoo.org/glsa/glsa-200411-34.xml