Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)

Information

Severity

Severity

High

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

12 years ago

Modified

Modified

2 years ago

Summary

The remote host is missing an update to cyrus-imapd-2.2 announced via advisory DSA 2318-1.

Insight

Insight

Multiple security issues have been discovered in cyrus-imapd, a highly scalable mail system designed for use in enterprise environments. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-3208 Coverity discovered a stack-based buffer overflow in the NNTP server implementation (nttpd) of cyrus-imapd. An attacker can exploit this flaw via several crafted NNTP commands to execute arbitrary code. CVE-2011-3372 Stefan Cornelius of Secunia Research discovered that the command processing of the NNTP server implementation (nttpd) of cyrus-imapd is not properly implementing access restrictions for certain commands and is not checking for a complete, successful authentication. An attacker can use this flaw to bypass access restrictions for some commands and, e.g. exploit CVE-2011-3208 without proper authentication. For the oldstable distribution (lenny), this problem has been fixed in version 2.2_2.2.13-14+lenny5. For the stable distribution (squeeze), this problem has been fixed in version 2.2_2.2.13-19+squeeze2. For the testing distribution (wheezy), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in cyrus-imapd-2.4 version 2.4.12-1.

Solution

Solution

We recommend that you upgrade your cyrus-imapd-2.2 packages.

Common Vulnerabilities and Exposures (CVE)