CVE-2004-1012 : The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlie

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.

Published 2005-01-10 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2004-1012

Redhat » Fedora Core » Version: Core 2.0
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
Matching versions
Redhat » Fedora Core » Version: Core 3.0
cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
Matching versions
Ubuntu » Ubuntu Linux » Version: 4.1 PPC Edition
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
Matching versions
Ubuntu » Ubuntu Linux » Version: 4.1 Ia64 Edition
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
Matching versions
Conectiva » Linux » Version: 9.0
cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
Matching versions
Conectiva » Linux » Version: 10.0
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
Matching versions
Trustix » Secure Linux » Version: 2.0
cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
Matching versions
Trustix » Secure Linux » Version: 2.1
cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
Matching versions
Trustix » Secure Linux » Version: 2.2
cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.1.10
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.1.9
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.1.7
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.6
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.7
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.8
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.1.16
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.4
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.5
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.2 Beta
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.3
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.0 Alpha
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.1 Beta
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*
Matching versions
Openpkg » Openpkg » Version: Current
cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-1012

EPSS FAQ

10.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 92 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-1012

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2004-1012

http://www.mandriva.com/security/advisories?name=MDKSA-2004:139

Mandriva

CVEs referencing this url
http://security.e-matters.de/advisories/152004.html

CVEs referencing this url
http://www.debian.org/security/2004/dsa-597

[SECURITY] [DSA 597-1] New cyrus-imapd packages fix arbitrary code execution

CVEs referencing this url
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200411-34.xml

Cyrus IMAP Server: Multiple remote vulnerabilities (GLSA 200411-34) — Gentoo security

CVEs referencing this url
http://secunia.com/advisories/13274/

About Secunia Research | Flexera

CVEs referencing this url
http://marc.info/?l=bugtraq&m=110123023521619&w=2

'Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities' - MARC

CVEs referencing this url
https://www.ubuntu.com/usn/usn-31-1/

USN-31-1: cyrus21-imapd vulnerabilities | Ubuntu security notices | Ubuntu

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/18199

Cyrus IMAP PARTIAL and FETCH commands execute code CVE-2004-1013 Vulnerability Report
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2004-1012

Products affected by CVE-2004-1012

Exploit prediction scoring system (EPSS) score for CVE-2004-1012

CVSS scores for CVE-2004-1012

References for CVE-2004-1012