Lumension® Endpoint Intelligence Center


Overview

Id RHSA-2011:0859-01
Name Red Hat 2011:0859-01 RHSA Moderate: cyrus-imapd security update for RHEL 5 x86
Vendor Name red_hat
Product None
Content Type Critical - 01
Language(s)
Operating System(s) Linux 
Released On 08 Jun 2011 12:00:00


Url

https://rhn.redhat.com/errata/RHSA-2011-0859.html

Description

LSAC(v2)
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support.

It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use this flaw to inject protocol commands into a victim's TLS session initialization messages. This could lead to those commands being processed by cyrus-imapd, potentially allowing the attacker to steal the victim's mail or authentication credentials. (CVE-2011-1926)

Users of cyrus-imapd are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, cyrus-imapd will be restarted automatically.

Related Resources

Related Vulnerabilities

CVE-2011-1926  

Related Patches

None

Superseded Patches


Last Updated: 27 May 2016 11:15:09