DSA-2318-1 cyrus-imapd-2.2 -- multiple
ID: oval:org.secpod.oval:def:600670 | Date: (C)2012-01-30 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple security issues have been discovered in cyrus-imapd, a highly scalable mail system designed for use in enterprise environments. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-3208: Coverity discovered a stack-based buffer overflow in the NNTP server implementation of cyrus-imapd. An attacker can exploit this flaw via several crafted NNTP commands to execute arbitrary code.

CVE-2011-3372: Stefan Cornelius of Secunia Research discovered that the command processing of the NNTP server implementation of cyrus-imapd does not properly implement access restrictions for certain commands and does not check for a complete, successful authentication. An attacker can use this flaw to bypass access restrictions for some commands and, for example, exploit CVE-2011-3208 without proper authentication.
Platform: |
Debian 5.0 |
Debian 6.0 |