Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2004-1015

Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.

Related bugs and status

CVE-2004-1015 (Candidate) is related to these bugs:

Bug #10608: cyrus21-imapd: Vulnerable to CAN-2004-1012 and -13

Summary				In	Importance	Status
	10608	cyrus21-imapd: Vulnerable to CAN-2004-1012 and -13		cyrus21-imapd (Ubuntu)	High	Fix Released
	10608	cyrus21-imapd: Vulnerable to CAN-2004-1012 and -13		cyrus21-imapd (Debian)	Unknown	Fix Released

Bug #10900: another buffer overflow (CAN-2004-1015)

Summary				In	Importance	Status
	10900	another buffer overflow (CAN-2004-1015)		cyrus21-imapd (Ubuntu)	High	Invalid
	10900	another buffer overflow (CAN-2004-1015)		cyrus21-imapd (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://asg.web.cmu.edu...
GENTOO: GLSA-200411-34
MANDRAKE: MDKSA-2004:139
MLIST: [cyrus-announce] 20041...
XF: cyrus-magic-plus-bo(18...