CVE-2004-1067 - Electromagnetic Distances

Description

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow which may allow remote attackers to execute arbitrary code via the username.

Reference

http://www.securityfocus.com/bid/11738 http://asg.web.cmu.edu/cyrus/download/imapd/changes.html https://www.ubuntu.com/usn/usn-37-1/ https://exchange.xforce.ibmcloud.com/vulnerabilities/18333