DSA-2257-1 kolab-cyrus-imapd -- implementation error
ID: oval:org.secpod.oval:def:600567 | Date: (C)2011-06-14 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.
Platform: |
Debian 5.0 |
Debian 6.0 |
Product: |
kolab-cyrus-imapd |