Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2011:0859
HistoryJun 08, 2011 - 8:42 p.m.

cyrus, perl security update

2011-06-0820:42:26
CentOS Project
lists.centos.org
46

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.3%

JSON

CentOS Errata and Security Advisory CESA-2011:0859

The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and Sieve support.

It was discovered that cyrus-imapd did not flush the received commands
buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3
sessions. A man-in-the-middle attacker could use this flaw to inject
protocol commands into a victim’s TLS session initialization messages. This
could lead to those commands being processed by cyrus-imapd, potentially
allowing the attacker to steal the victim’s mail or authentication
credentials. (CVE-2011-1926)

Users of cyrus-imapd are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the update, cyrus-imapd will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-August/079835.html
https://lists.centos.org/pipermail/centos-announce/2011-August/079836.html
https://lists.centos.org/pipermail/centos-announce/2011-June/079773.html
https://lists.centos.org/pipermail/centos-announce/2011-June/079774.html

Affected packages:
cyrus-imapd
cyrus-imapd-devel
cyrus-imapd-murder
cyrus-imapd-nntp
cyrus-imapd-perl
cyrus-imapd-utils
perl-Cyrus

Upstream details at:
https://access.redhat.com/errata/RHSA-2011:0859

OSVersionArchitecturePackageVersionFilename
CentOS5x86_64cyrus-imapd< 2.3.7-7.el5_6.4cyrus-imapd-2.3.7-7.el5_6.4.x86_64.rpm
CentOS5i386cyrus-imapd-devel< 2.3.7-7.el5_6.4cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
CentOS5x86_64cyrus-imapd-devel< 2.3.7-7.el5_6.4cyrus-imapd-devel-2.3.7-7.el5_6.4.x86_64.rpm
CentOS5x86_64cyrus-imapd-perl< 2.3.7-7.el5_6.4cyrus-imapd-perl-2.3.7-7.el5_6.4.x86_64.rpm
CentOS5x86_64cyrus-imapd-utils< 2.3.7-7.el5_6.4cyrus-imapd-utils-2.3.7-7.el5_6.4.x86_64.rpm
CentOS5i386cyrus-imapd< 2.3.7-7.el5_6.4cyrus-imapd-2.3.7-7.el5_6.4.i386.rpm
CentOS5i386cyrus-imapd-devel< 2.3.7-7.el5_6.4cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
CentOS5i386cyrus-imapd-perl< 2.3.7-7.el5_6.4cyrus-imapd-perl-2.3.7-7.el5_6.4.i386.rpm
CentOS5i386cyrus-imapd-utils< 2.3.7-7.el5_6.4cyrus-imapd-utils-2.3.7-7.el5_6.4.i386.rpm
CentOS4i386cyrus-imapd< 2.2.12-15.el4_8cyrus-imapd-2.2.12-15.el4_8.i386.rpm
Rows per page:
1-10 of 211

Related

nessus 16
openvas 24
fedora 3
oraclelinux 1
debian 2
redhat 1
veracode 1
nvd 1
prion 1
cve 1
securityvulns 2
ubuntucve 1
cvelist 1
nessus
nessus
Debian DSA-2242-1 : cyrus-imapd-2.2 - implementation error
2011-06-10 00:00:00
Fedora 14 : cyrus-imapd-2.3.16-8.fc14 (2011-7217)
2011-06-12 00:00:00
openSUSE Security Update : cyrus-imapd (openSUSE-SU-2011:0800-1)
2014-06-13 00:00:00
openvas
openvas
CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
2012-07-30 00:00:00
Oracle: Security Advisory (ELSA-2011-0859)
2015-10-06 00:00:00
CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
2011-08-09 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: cyrus-imapd-2.3.16-5.fc13
2011-06-11 04:34:18
[SECURITY] Fedora 14 Update: cyrus-imapd-2.3.16-8.fc14
2011-06-11 04:24:35
[SECURITY] Fedora 14 Update: cyrus-imapd-2.3.18-1.fc14
2011-10-13 23:51:49
oraclelinux
oraclelinux
cyrus-imapd security update
2011-06-08 00:00:00
debian
debian
[SECURITY] [DSA 2258-1] kolab-cyrus-imapd security update
2011-06-11 16:51:16
[SECURITY] [DSA 2242-1] cyrus-imapd-2.2 security update
2011-05-25 19:56:25
redhat
redhat
(RHSA-2011:0859) Moderate: cyrus-imapd security update
2011-06-08 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 01:03:51
nvd
nvd
CVE-2011-1926
2011-05-23 22:55:01
prion
prion
Command injection
2011-05-23 22:55:00
cve
cve
CVE-2011-1926
2011-05-23 22:55:01
securityvulns
securityvulns
[ MDVSA-2011:100 ] cyrus-imapd
2011-05-25 00:00:00
STARTTLS vulnerability in different mail applications
2012-10-04 00:00:00
ubuntucve
ubuntucve
CVE-2011-1926
2011-05-23 00:00:00
cvelist
cvelist
CVE-2011-1926
2011-05-23 22:00:00

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.3%

JSON
Related for CESA-2011:0859
nessus16openvas24fedora3oraclelinux1debian2redhat1veracode1nvd1prion1cve1securityvulns2ubuntucve1cvelist1