Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3208

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-3208
Last Modified 28 Dec 2011 12:00:00
Published 14 Sep 2011 01:17:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3208

Summary

Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.

Vulnerable Systems

Application

  • Cmu Cyrus Imap Server 2.0.17

  • Cmu Cyrus Imap Server 2.1.16

  • Cmu Cyrus Imap Server 2.1.17

  • Cmu Cyrus Imap Server 2.1.18

  • Cmu Cyrus Imap Server 2.2.10

  • Cmu Cyrus Imap Server 2.2.11

  • Cmu Cyrus Imap Server 2.2.12

  • Cmu Cyrus Imap Server 2.2.13

  • Cmu Cyrus Imap Server 2.2.13p1

  • Cmu Cyrus Imap Server 2.2.14

  • Cmu Cyrus Imap Server 2.2.8

  • Cmu Cyrus Imap Server 2.2.9

  • Cmu Cyrus Imap Server 2.3.0

  • Cmu Cyrus Imap Server 2.3.1

  • Cmu Cyrus Imap Server 2.3.10

  • Cmu Cyrus Imap Server 2.3.11

  • Cmu Cyrus Imap Server 2.3.12

  • Cmu Cyrus Imap Server 2.3.12p1

  • Cmu Cyrus Imap Server 2.3.12p2

  • Cmu Cyrus Imap Server 2.3.13

  • Cmu Cyrus Imap Server 2.3.14

  • Cmu Cyrus Imap Server 2.3.15

  • Cmu Cyrus Imap Server 2.3.16

  • Cmu Cyrus Imap Server 2.3.2

  • Cmu Cyrus Imap Server 2.3.3

  • Cmu Cyrus Imap Server 2.3.4

  • Cmu Cyrus Imap Server 2.3.5

  • Cmu Cyrus Imap Server 2.3.6

  • Cmu Cyrus Imap Server 2.3.7

  • Cmu Cyrus Imap Server 2.3.8

  • Cmu Cyrus Imap Server 2.3.9

  • Cmu Cyrus Imap Server 2.4.0

  • Cmu Cyrus Imap Server 2.4.1

  • Cmu Cyrus Imap Server 2.4.10

  • Cmu Cyrus Imap Server 2.4.2

  • Cmu Cyrus Imap Server 2.4.3

  • Cmu Cyrus Imap Server 2.4.4

  • Cmu Cyrus Imap Server 2.4.5

  • Cmu Cyrus Imap Server 2.4.6

  • Cmu Cyrus Imap Server 2.4.7

  • Cmu Cyrus Imap Server 2.4.8

  • Cmu Cyrus Imap Server 2.4.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=734926

CONFIRM - http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd

CONFIRM - http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d

SUSE - SUSE-SU-2011:1034

XF - cyrus-splitwildmats-bo(69679)

BID - 49534

REDHAT - RHSA-2011:1317

OSVDB - 75307

SECTRACK - 1026031

SECUNIA - 46064

SECUNIA - 45975

SECUNIA - 45938

SUSE - openSUSE-SU-2011:1036

MLIST - [cyrus-announce] 20110908 Cyrus 2.4.11 Released

MLIST - [cyrus-announce] 20110908 Cyrus 2.3.17 Released

MANDRIVA - MDVSA-2011:149

DEBIAN - DSA-2318

Related Patches

Red Hat 2011:1317-01 RHSA Important: cyrus-imapd security update for RHEL 5 x86


Last Updated: 27 May 2016 10:57:58