CVE-2011-1926: Command Injection
First published: Tue May 17 2011(Updated: )
It was found, that Cyrus IMAP recognized IMAP, LMTP, NNTP and POP3 protocol commands during plaintex to TLS session switch (by TLS protocol initialization). A remote attacker could use this flaw to insert plaintext, protocol relevant, commands into TLS protocol initialization messages, leading to execution of these commands during the ciphertext protocol phase, potentially allowing the attacker to steal the victim's mail or authentication credentials. References: [1] <a href="http://www.kb.cert.org/vuls/id/555316">http://www.kb.cert.org/vuls/id/555316</a> [2] <a href="http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423">http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423</a> Relevant upstream patch: [3] <a href="http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162">http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cmu Cyrus Imap Server | =2.2.12 | |
| Cmu Cyrus Imap Server | =2.3.13 | |
| Cmu Cyrus Imap Server | =2.2.13p1 | |
| Cmu Cyrus Imap Server | =2.3.12 | |
| Cmu Cyrus Imap Server | =2.4.1 | |
| Cmu Cyrus Imap Server | =2.1.17 | |
| Cmu Cyrus Imap Server | =2.4.5 | |
| Cmu Cyrus Imap Server | =2.3.6 | |
| Cmu Cyrus Imap Server | =2.3.0 | |
| Cmu Cyrus Imap Server | =2.2.11 | |
| Cmu Cyrus Imap Server | =2.3.14 | |
| Cmu Cyrus Imap Server | =2.3.2 | |
| Cmu Cyrus Imap Server | <=2.4.6 | |
| Cmu Cyrus Imap Server | =2.4.0 | |
| Cmu Cyrus Imap Server | =2.3.11 | |
| Cmu Cyrus Imap Server | =2.3.8 | |
| Cmu Cyrus Imap Server | =2.3.5 | |
| Cmu Cyrus Imap Server | =2.2.9 | |
| Cmu Cyrus Imap Server | =2.4.3 | |
| Cmu Cyrus Imap Server | =2.4.4 | |
| Cmu Cyrus Imap Server | =2.3.9 | |
| Cmu Cyrus Imap Server | =2.3.10 | |
| Cmu Cyrus Imap Server | =2.2.13 | |
| Cmu Cyrus Imap Server | =2.1.16 | |
| Cmu Cyrus Imap Server | =2.3.7 | |
| Cmu Cyrus Imap Server | =2.2.8 | |
| Cmu Cyrus Imap Server | =2.3.16 | |
| Cmu Cyrus Imap Server | =2.0.17 | |
| Cmu Cyrus Imap Server | =2.3.1 | |
| Cmu Cyrus Imap Server | =2.4.2 | |
| Cmu Cyrus Imap Server | =2.3.4 | |
| Cmu Cyrus Imap Server | =2.2.10 | |
| Cmu Cyrus Imap Server | =2.1.18 | |
| Cmu Cyrus Imap Server | =2.3.3 | |
| Cmu Cyrus Imap Server | =2.3.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423
- http://www.kb.cert.org/vuls/id/555316
- http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php
- https://bugzilla.redhat.com/show_bug.cgi?id=705288
- http://openwall.com/lists/oss-security/2011/05/17/15
- http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424
- http://openwall.com/lists/oss-security/2011/05/17/2
- http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162
- http://www.debian.org/security/2011/dsa-2242
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:100
- http://secunia.com/advisories/44670
- http://secunia.com/advisories/44913
- http://www.debian.org/security/2011/dsa-2258
- http://www.redhat.com/support/errata/RHSA-2011-0859.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html
- http://www.securitytracker.com/id?1025625
- http://secunia.com/advisories/44928
- http://secunia.com/advisories/44876
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67867
- http://www.openwall.com/lists/oss-security/2011/05/17/2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=705294
- https://access.redhat.com/security/cve/CVE-2011-1926
- https://rhn.redhat.com/errata/RHSA-2011-0859.html
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/references
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1926
- vendor/cmu
- canonical/cmu cyrus imap server
- version/cmu cyrus imap server/2.2.12
- version/cmu cyrus imap server/2.3.13
- version/cmu cyrus imap server/2.2.13p1
- version/cmu cyrus imap server/2.3.12
- version/cmu cyrus imap server/2.4.1
- version/cmu cyrus imap server/2.1.17
- version/cmu cyrus imap server/2.4.5
- version/cmu cyrus imap server/2.3.6
- version/cmu cyrus imap server/2.3.0
- version/cmu cyrus imap server/2.2.11
- version/cmu cyrus imap server/2.3.14
- version/cmu cyrus imap server/2.3.2
- version/cmu cyrus imap server/2.4.6
- version/cmu cyrus imap server/2.4.0
- version/cmu cyrus imap server/2.3.11
- version/cmu cyrus imap server/2.3.8
- version/cmu cyrus imap server/2.3.5
- version/cmu cyrus imap server/2.2.9
- version/cmu cyrus imap server/2.4.3
- version/cmu cyrus imap server/2.4.4
- version/cmu cyrus imap server/2.3.9
- version/cmu cyrus imap server/2.3.10
- version/cmu cyrus imap server/2.2.13
- version/cmu cyrus imap server/2.1.16
- version/cmu cyrus imap server/2.3.7
- version/cmu cyrus imap server/2.2.8
- version/cmu cyrus imap server/2.3.16
- version/cmu cyrus imap server/2.0.17
- version/cmu cyrus imap server/2.3.1
- version/cmu cyrus imap server/2.4.2
- version/cmu cyrus imap server/2.3.4
- version/cmu cyrus imap server/2.2.10
- version/cmu cyrus imap server/2.1.18
- version/cmu cyrus imap server/2.3.3
- version/cmu cyrus imap server/2.3.15