Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-3372
Last Modified 26 Dec 2011 12:00:00
Published 24 Dec 2011 02:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3372

Summary

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

Vulnerable Systems

Application

  • Cyrus Imapd 2.4.11


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=740822

REDHAT - RHSA-2011:1508

MANDRIVA - MDVSA-2011:149

DEBIAN - DSA-2318

SECTRACK - 1026363

MISC - http://secunia.com/secunia_research/2011-68

SECUNIA - 46093

CONFIRM - http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594

CONFIRM - http://cyrusimap.org/mediawiki/index.php/Latest_Updates

Related Patches

Red Hat 2011:1508-01 RHSA Moderate: cyrus-imapd security update for RHEL 4 x86

Red Hat 2011:1508-01 RHSA Moderate: cyrus-imapd security update for RHEL 5 x86

Red Hat 2011:1508-01 RHSA Moderate: cyrus-imapd security update for RHEL 4 x86_64

Red Hat 2011:1508-01 RHSA Moderate: cyrus-imapd security update for RHEL 5 x86_64


Last Updated: 27 May 2016 10:57:16