5.1

CVE-2011-1926

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CmuCyrus Imap Server Version <= 2.4.6
CmuCyrus Imap Server Version2.0.17
CmuCyrus Imap Server Version2.1.16
CmuCyrus Imap Server Version2.1.17
CmuCyrus Imap Server Version2.1.18
CmuCyrus Imap Server Version2.2.8
CmuCyrus Imap Server Version2.2.9
CmuCyrus Imap Server Version2.2.10
CmuCyrus Imap Server Version2.2.11
CmuCyrus Imap Server Version2.2.12
CmuCyrus Imap Server Version2.2.13
CmuCyrus Imap Server Version2.2.13p1
CmuCyrus Imap Server Version2.3.0
CmuCyrus Imap Server Version2.3.1
CmuCyrus Imap Server Version2.3.2
CmuCyrus Imap Server Version2.3.3
CmuCyrus Imap Server Version2.3.4
CmuCyrus Imap Server Version2.3.5
CmuCyrus Imap Server Version2.3.6
CmuCyrus Imap Server Version2.3.7
CmuCyrus Imap Server Version2.3.8
CmuCyrus Imap Server Version2.3.9
CmuCyrus Imap Server Version2.3.10
CmuCyrus Imap Server Version2.3.11
CmuCyrus Imap Server Version2.3.12
CmuCyrus Imap Server Version2.3.13
CmuCyrus Imap Server Version2.3.14
CmuCyrus Imap Server Version2.3.15
CmuCyrus Imap Server Version2.3.16
CmuCyrus Imap Server Version2.4.0
CmuCyrus Imap Server Version2.4.1
CmuCyrus Imap Server Version2.4.2
CmuCyrus Imap Server Version2.4.3
CmuCyrus Imap Server Version2.4.4
CmuCyrus Imap Server Version2.4.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4% 0.892
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.kb.cert.org/vuls/id/555316
US Government Resource
http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423
Patch
http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424
Patch
http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html
http://openwall.com/lists/oss-security/2011/05/17/15
Patch
http://openwall.com/lists/oss-security/2011/05/17/2
Patch
http://secunia.com/advisories/44670
http://secunia.com/advisories/44876
http://secunia.com/advisories/44913
http://secunia.com/advisories/44928
http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php
http://www.debian.org/security/2011/dsa-2242
http://www.debian.org/security/2011/dsa-2258
http://www.mandriva.com/security/advisories?name=MDVSA-2011:100
http://www.redhat.com/support/errata/RHSA-2011-0859.html
http://www.securitytracker.com/id?1025625
https://bugzilla.redhat.com/show_bug.cgi?id=705288
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/67867