VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jan 10, 2005· Updated Apr 16, 2026

CVE-2004-1067

CVE-2004-1067

Description

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.

Affected products

22
  • Carnegie Mellon University/Cyrus Imap Server18 versions
    cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:1.4:*:*:*:*:*:*:*+ 17 more
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:1.5.19:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*
  • Red Hat/Fedora Core2 versions
    cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
  • Ubuntu/Linux2 versions
    cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*+ 1 more
    • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
    • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.