Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3481

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-3481
Last Modified 28 Dec 2011 11:13:38
Published 14 Sep 2011 01:17:07
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3481

Summary

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.

Vulnerable Systems

Application

  • Cmu Cyrus Imap Server 2.0.17

  • Cmu Cyrus Imap Server 2.1.16

  • Cmu Cyrus Imap Server 2.1.17

  • Cmu Cyrus Imap Server 2.1.18

  • Cmu Cyrus Imap Server 2.2.10

  • Cmu Cyrus Imap Server 2.2.11

  • Cmu Cyrus Imap Server 2.2.12

  • Cmu Cyrus Imap Server 2.2.13

  • Cmu Cyrus Imap Server 2.2.13p1

  • Cmu Cyrus Imap Server 2.2.8

  • Cmu Cyrus Imap Server 2.2.9

  • Cmu Cyrus Imap Server 2.3.0

  • Cmu Cyrus Imap Server 2.3.1

  • Cmu Cyrus Imap Server 2.3.10

  • Cmu Cyrus Imap Server 2.3.11

  • Cmu Cyrus Imap Server 2.3.12

  • Cmu Cyrus Imap Server 2.3.12p1

  • Cmu Cyrus Imap Server 2.3.12p2

  • Cmu Cyrus Imap Server 2.3.13

  • Cmu Cyrus Imap Server 2.3.14

  • Cmu Cyrus Imap Server 2.3.15

  • Cmu Cyrus Imap Server 2.3.16

  • Cmu Cyrus Imap Server 2.3.17

  • Cmu Cyrus Imap Server 2.3.2

  • Cmu Cyrus Imap Server 2.3.3

  • Cmu Cyrus Imap Server 2.3.4

  • Cmu Cyrus Imap Server 2.3.5

  • Cmu Cyrus Imap Server 2.3.6

  • Cmu Cyrus Imap Server 2.3.7

  • Cmu Cyrus Imap Server 2.3.8

  • Cmu Cyrus Imap Server 2.3.9

  • Cmu Cyrus Imap Server 2.4.0

  • Cmu Cyrus Imap Server 2.4.1

  • Cmu Cyrus Imap Server 2.4.10

  • Cmu Cyrus Imap Server 2.4.2

  • Cmu Cyrus Imap Server 2.4.3

  • Cmu Cyrus Imap Server 2.4.4

  • Cmu Cyrus Imap Server 2.4.5

  • Cmu Cyrus Imap Server 2.4.6

  • Cmu Cyrus Imap Server 2.4.7

  • Cmu Cyrus Imap Server 2.4.8

  • Cmu Cyrus Imap Server 2.4.9


References

CONFIRM - http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5

XF - cyrus-imap-indexgetids-dos(69842)

CONFIRM - http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463

CONFIRM - http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772

REDHAT - RHSA-2011:1508

Related Patches

Red Hat 2011:1508-01 RHSA Moderate: cyrus-imapd security update for RHEL 4 x86

Red Hat 2011:1508-01 RHSA Moderate: cyrus-imapd security update for RHEL 5 x86

Red Hat 2011:1508-01 RHSA Moderate: cyrus-imapd security update for RHEL 4 x86_64

Red Hat 2011:1508-01 RHSA Moderate: cyrus-imapd security update for RHEL 5 x86_64


Last Updated: 27 May 2016 10:57:58