CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AI Score: 5.6 Medium (Confidence: Low)
EPSS: 0.021 Low (Percentile: 89.2%)
Debian Security Advisory DSA-2377-1 [email protected]
http://www.debian.org/security/
Nico Golde
Jan 1st, 2012
http://www.debian.org/security/faq
Package : cyrus-imapd-2.2
Vulnerability : NULL pointer dereference
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2011-3481

It was discovered that cyrus-imapd, a highly scalable mail system designed
for use in enterprise environments, does not properly parse mail headers
when a client makes use of the IMAP threading feature. As a result, a NULL
pointer is dereferenced, which crashes the daemon. An attacker can trigger
this by sending a mail containing crafted reference headers and accessing the
mail with a client that uses the server threading feature of IMAP.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.2.13-14+lenny6.

For the stable distribution (squeeze), this problem has been fixed in
version 2.2.13-19+squeeze3.

For the testing (wheezy) and unstable (sid) distributions, this problem has been
fixed in cyrus-imapd-2.4 version 2.4.11-1.

We recommend that you upgrade your cyrus-imapd-2.2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 6 | kfreebsd-amd64 | cyrus-murder-2.2 | < 2.2.13-19+squeeze3 | cyrus-murder-2.2_2.2.13-19+squeeze3_kfreebsd-amd64.deb |
Debian | 5 | alpha | cyrus-pop3d-2.2 | < 2.2.13-14+lenny6 | cyrus-pop3d-2.2_2.2.13-14+lenny6_alpha.deb |
Debian | 5 | s390 | cyrus-clients-2.2 | < 2.2.13-14+lenny6 | cyrus-clients-2.2_2.2.13-14+lenny6_s390.deb |
Debian | 5 | i386 | cyrus-imapd-2.2 | < 2.2.13-14+lenny6 | cyrus-imapd-2.2_2.2.13-14+lenny6_i386.deb |
Debian | 5 | mipsel | cyrus-nntpd-2.2 | < 2.2.13-14+lenny6 | cyrus-nntpd-2.2_2.2.13-14+lenny6_mipsel.deb |
Debian | 6 | kfreebsd-i386 | cyrus-pop3d-2.2 | < 2.2.13-19+squeeze3 | cyrus-pop3d-2.2_2.2.13-19+squeeze3_kfreebsd-i386.deb |
Debian | 6 | ia64 | cyrus-pop3d-2.2 | < 2.2.13-19+squeeze3 | cyrus-pop3d-2.2_2.2.13-19+squeeze3_ia64.deb |
Debian | 5 | mips | cyrus-clients-2.2 | < 2.2.13-14+lenny6 | cyrus-clients-2.2_2.2.13-14+lenny6_mips.deb |
Debian | 6 | armel | cyrus-dev-2.2 | < 2.2.13-19+squeeze3 | cyrus-dev-2.2_2.2.13-19+squeeze3_armel.deb |
Debian | 6 | powerpc | cyrus-nntpd-2.2 | < 2.2.13-19+squeeze3 | cyrus-nntpd-2.2_2.2.13-19+squeeze3_powerpc.deb |