5.1

CVE-2011-1926

EPSS 4.87%
Published 23.05.2011 22:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Affected products Warnungen 0 Metrics 2 CWE 0 References 23

Data is provided by the National Vulnerability Database (NVD)

Cmu ≫ Cyrus Imap Server Version <= 2.4.6

Cmu ≫ Cyrus Imap Server Version2.0.17

Cmu ≫ Cyrus Imap Server Version2.1.16

Cmu ≫ Cyrus Imap Server Version2.1.17

Cmu ≫ Cyrus Imap Server Version2.1.18

Cmu ≫ Cyrus Imap Server Version2.2.8

Cmu ≫ Cyrus Imap Server Version2.2.9

Cmu ≫ Cyrus Imap Server Version2.2.10

Cmu ≫ Cyrus Imap Server Version2.2.11

Cmu ≫ Cyrus Imap Server Version2.2.12

Cmu ≫ Cyrus Imap Server Version2.2.13

Cmu ≫ Cyrus Imap Server Version2.2.13p1

Cmu ≫ Cyrus Imap Server Version2.3.0

Cmu ≫ Cyrus Imap Server Version2.3.1

Cmu ≫ Cyrus Imap Server Version2.3.2

Cmu ≫ Cyrus Imap Server Version2.3.3

Cmu ≫ Cyrus Imap Server Version2.3.4

Cmu ≫ Cyrus Imap Server Version2.3.5

Cmu ≫ Cyrus Imap Server Version2.3.6

Cmu ≫ Cyrus Imap Server Version2.3.7

Cmu ≫ Cyrus Imap Server Version2.3.8

Cmu ≫ Cyrus Imap Server Version2.3.9

Cmu ≫ Cyrus Imap Server Version2.3.10

Cmu ≫ Cyrus Imap Server Version2.3.11

Cmu ≫ Cyrus Imap Server Version2.3.12

Cmu ≫ Cyrus Imap Server Version2.3.13

Cmu ≫ Cyrus Imap Server Version2.3.14

Cmu ≫ Cyrus Imap Server Version2.3.15

Cmu ≫ Cyrus Imap Server Version2.3.16

Cmu ≫ Cyrus Imap Server Version2.4.0

Cmu ≫ Cyrus Imap Server Version2.4.1

Cmu ≫ Cyrus Imap Server Version2.4.2

Cmu ≫ Cyrus Imap Server Version2.4.3

Cmu ≫ Cyrus Imap Server Version2.4.4

Cmu ≫ Cyrus Imap Server Version2.4.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.87%	0.885

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://www.kb.cert.org/vuls/id/555316

US Government Resource

http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423

Patch

http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424

Patch

http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html

http://openwall.com/lists/oss-security/2011/05/17/15

Patch

http://openwall.com/lists/oss-security/2011/05/17/2

Patch

http://secunia.com/advisories/44670

http://secunia.com/advisories/44876

http://secunia.com/advisories/44913

http://secunia.com/advisories/44928

http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php

http://www.debian.org/security/2011/dsa-2242

http://www.debian.org/security/2011/dsa-2258

http://www.mandriva.com/security/advisories?name=MDVSA-2011:100

http://www.redhat.com/support/errata/RHSA-2011-0859.html

http://www.securitytracker.com/id?1025625

https://bugzilla.redhat.com/show_bug.cgi?id=705288

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/67867

https://nvd.nist.gov/vuln/detail/CVE-2011-1926

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1926

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1926

EUVD