GLSA-200411-34 : Cyrus IMAP Server: Multiple remote vulnerabilities

NASLDB: GLSA-200411-34 : Cyrus IMAP Server: Multiple remote vulnerabilities

General

ID: 15833
Name: GLSA-200411-34 : Cyrus IMAP Server: Multiple remote vulnerabilities

Summary: Checks for updated package(s) in /var/db/pkg

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 0
Family: Gentoo Local Security Checks
Type: Local

Description

The remote host is affected by the vulnerability described in GLSA-200411-34
(Cyrus IMAP Server: Multiple remote vulnerabilities)

Multiple vulnerabilities have been discovered in the argument
parsers of the ‘partial’ and ‘fetch’ commands of the Cyrus IMAP Server
(CAN-2004-1012, CAN-2004-1013). There are also buffer overflows in the
‘imap magic plus’ code that are vulnerable to exploitation as well
(CAN-2004-1011, CAN-2004-1015).

Impact :

An attacker can exploit these vulnerabilities to execute arbitrary
code with the rights of the user running the Cyrus IMAP Server.

Workaround :

There is no known workaround at this time.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2004-1011
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2004/11/22
Patch Release: 2004/11/25
Plugin Release: 2004/11/25

Plugin

Version: 1.13
Filename: gentoo_GLSA-200411-34.nasl
Filesize: 3830 bytes
MD5 Hash: d1a75b4cffc9269dfaeb7085e1ab4de7

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG