CVE-2011-3481

Related Files

Mandriva Linux Security Advisory 2012-037

Posted Mar 23, 2012

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-037 - The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, imap

systems | linux, mandriva

advisories | CVE-2011-3481

SHA-256 | 6312ad5564a296e8450f12e2352d9bae331005446a5cb929d3c19bf32bef7291

Download | Favorite | View

Debian Security Advisory 2377-1

Posted Jan 2, 2012

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2377-1 - It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, is not properly parsing mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced which crashes the daemon. An attacker can trigger this by sending a mail containing crafted reference headers and access the mail with a client that uses the server threading feature of IMAP.

tags | advisory, imap

systems | linux, debian

advisories | CVE-2011-3481

SHA-256 | 14e886dd64794f4903819907a35afc505014e384c7107e2722545359da6f7a97

Download | Favorite | View

Red Hat Security Advisory 2011-1508-01

Posted Dec 1, 2011

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1508-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially-crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature.

tags | advisory, remote, imap

systems | linux, redhat

advisories | CVE-2011-3372, CVE-2011-3481

SHA-256 | 6b3205303af6886661268ac79f893acb0064e876132277e16c652b3953622d34

Download | Favorite | View

Gentoo Linux Security Advisory 201110-16

Posted Oct 23, 2011

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-16 - The Cyrus IMAP Server is affected by multiple vulnerabilities which could potentially lead to the remote execution of arbitrary code or a denial of service. Versions less than 2.4.12 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability, imap

systems | linux, gentoo

advisories | CVE-2009-2632, CVE-2011-3208, CVE-2011-3481

SHA-256 | 1adb16e92a221ed72428ee5be30b3e16bad3de53df09cd8c4f1d076f7af9fee9

Download | Favorite | View