CVE-2004-1013 : The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to e

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.

Published 2005-01-10 05:00:00

Updated 2016-12-08 02:59:50

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Exploit prediction scoring system (EPSS) score for CVE-2004-1013

Probability of exploitation activity in the next 30 days: 10.67%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-1013

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2004-1013

Products affected by CVE-2004-1013

Redhat » Fedora Core » Version: Core 2.0
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
Matching versions
Redhat » Fedora Core » Version: Core 3.0
cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
Matching versions
Ubuntu » Ubuntu Linux » Version: 4.1 PPC Edition
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
Matching versions
Ubuntu » Ubuntu Linux » Version: 4.1 Ia64 Edition
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
Matching versions
Conectiva » Linux » Version: 9.0
cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
Matching versions
Conectiva » Linux » Version: 10.0
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
Matching versions
Trustix » Secure Linux » Version: 2.0
cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
Matching versions
Trustix » Secure Linux » Version: 2.1
cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
Matching versions
Trustix » Secure Linux » Version: 2.2
cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.1.10
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.1.9
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.1.7
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.6
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.7
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.8
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.1.16
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.4
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.5
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.2 Beta
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.3
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.0 Alpha
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*
Matching versions
Carnegie Mellon University » Cyrus Imap Server » Version: 2.2.1 Beta
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*
Matching versions
Openpkg » Openpkg » Version: Current
cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2004-1013

Exploit prediction scoring system (EPSS) score for CVE-2004-1013

CVSS scores for CVE-2004-1013

References for CVE-2004-1013

Products affected by CVE-2004-1013