72186 : Cyrus IMAP Server STARTTLS Arbitrary Plaintext Command Injection
Printer | http://osvdb.org/72186 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
7	1151	about 2 years ago	12 months ago	10 times	100%

Timeline

Disclosure Date
2011-03-30

Description

Cyrus IMAP Server contains a flaw related to the TLS implementation failing to properly clear transport layer buffers when changing from plaintext to ciphertext upon receipt of the 'STARTTLS' command. This may allow a remote attacker to inject arbitrary plaintext data which will be executed upon transition to ciphertext.

Classification

Location: Remote / Network Access
Attack Type: Cryptographic
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 2.4.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Carnegie Mellon University	Cyrus IMAP Server	2.4.0
		2.4.3
		2.4.5
		2.4.6

References

Security Tracker: 1025179
CVE ID: 2011-0411 (see also: NVD) 2011-1926 (see also: NVD)
Secunia Advisory ID: 43646 43874 44414 44506 44670 44863 44876 44913 44928 45269 46417
Bugtraq ID: 46767
CERT VU: 555316
ISS X-Force ID: 65932
Related OSVDB ID: 71021
VUPEN Advisory: ADV-2011-0611 ADV-2011-0752 ADV-2011-0891
Vendor Specific News/Changelog Entry: http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=190
http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423
http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424
http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162
http://kolab.org/pipermail/kolab-announce/2011/000101.html
http://lists.debian.org/debian-security-announce/2011/msg00128.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html
http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php
http://www.kb.cert.org/vuls/id/MORO-8ELH6Z
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
http://www.postfix.org/CVE-2011-0411.html
https://bugzilla.redhat.com/show_bug.cgi?id=705288
Other Advisory URL: http://cyrusimap.org/mediawiki/index.php/Bugs_Resolved_in_2.4.7
http://openwall.com/lists/oss-security/2011/05/17/15
http://openwall.com/lists/oss-security/2011/05/17/2
Mail List Post: http://lists.apple.com/archives/security-announce/2011/Oct//msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html
http://seclists.org/fulldisclosure/2011/May/458
http://seclists.org/fulldisclosure/2011/May/485
RedHat RHSA: http://rhn.redhat.com/errata/RHSA-2011-0859.html
RHSA-2011:0423
Vendor Specific Advisory URL: http://support.apple.com/kb/HT5002
http://www.debian.org/security/2011/dsa-2242
https://hermes.opensuse.org/messages/9594419
https://hermes.opensuse.org/messages/9594427
https://hermes.opensuse.org/messages/9594600
https://hermes.opensuse.org/messages/9594634
https://hermes.opensuse.org/messages/9603385

Tools & Filters

	54639 55030 55065

Credit

Not Available

CVSSv2 Score

CVSSv2 Base Score = 5.1
Source: nvd.nist.gov | Generated: 2011-05-24 | Disagree? | There are 1 more: View All

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.