Launchpad.net

CVE 2004-1013

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.

Related bugs and status

CVE-2004-1013 (Candidate) is related to these bugs:

Bug #10600: Severe security problems (CAN-2004-10 11/12/13)

Summary				In	Importance	Status
	10600	Severe security problems (CAN-2004-10 11/12/13)		cyrus21-imapd (Ubuntu)	High	Fix Released
	10600	Severe security problems (CAN-2004-10 11/12/13)		cyrus21-imapd (Debian)	Unknown	Fix Released

Bug #10608: cyrus21-imapd: Vulnerable to CAN-2004-1012 and -13

Summary				In	Importance	Status
	10608	cyrus21-imapd: Vulnerable to CAN-2004-1012 and -13		cyrus21-imapd (Ubuntu)	High	Fix Released
	10608	cyrus21-imapd: Vulnerable to CAN-2004-1012 and -13		cyrus21-imapd (Debian)	Unknown	Fix Released

Bug #10900: another buffer overflow (CAN-2004-1015)

Summary				In	Importance	Status
	10900	another buffer overflow (CAN-2004-1015)		cyrus21-imapd (Ubuntu)	High	Invalid
	10900	another buffer overflow (CAN-2004-1015)		cyrus21-imapd (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2004-1013

Related bugs and status

Related bugs

References