ID CVE-2011-3481
Summary The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
References
Vulnerable Configurations
  • Carnegie Mellon University Cyrus Imap Server 2.0.17
    cpe:2.3:a:cmu:cyrus_imap_server:2.0.17
  • Carnegie Mellon University Cyrus Imap Server 2.1.16
    cpe:2.3:a:cmu:cyrus_imap_server:2.1.16
  • Carnegie Mellon University Cyrus Imap Server 2.1.17
    cpe:2.3:a:cmu:cyrus_imap_server:2.1.17
  • Carnegie Mellon University Cyrus Imap Server 2.1.18
    cpe:2.3:a:cmu:cyrus_imap_server:2.1.18
  • Carnegie Mellon University Cyrus Imap Server 2.2.8
    cpe:2.3:a:cmu:cyrus_imap_server:2.2.8
  • Carnegie Mellon University Cyrus Imap Server 2.2.9
    cpe:2.3:a:cmu:cyrus_imap_server:2.2.9
  • Carnegie Mellon University Cyrus Imap Server 2.2.10
    cpe:2.3:a:cmu:cyrus_imap_server:2.2.10
  • Carnegie Mellon University Cyrus Imap Server 2.2.11
    cpe:2.3:a:cmu:cyrus_imap_server:2.2.11
  • Carnegie Mellon University Cyrus Imap Server 2.2.12
    cpe:2.3:a:cmu:cyrus_imap_server:2.2.12
  • Carnegie Mellon University Cyrus Imap Server 2.2.13
    cpe:2.3:a:cmu:cyrus_imap_server:2.2.13
  • Carnegie Mellon University Cyrus Imap Server 2.2.13p1
    cpe:2.3:a:cmu:cyrus_imap_server:2.2.13p1
  • Carnegie Mellon University Cyrus Imap Server 2.3.0
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.0
  • Carnegie Mellon University Cyrus Imap Server 2.3.1
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.1
  • Carnegie Mellon University Cyrus Imap Server 2.3.2
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.2
  • Carnegie Mellon University Cyrus Imap Server 2.3.3
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.3
  • Carnegie Mellon University Cyrus Imap Server 2.3.4
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.4
  • Carnegie Mellon University Cyrus Imap Server 2.3.5
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.5
  • Carnegie Mellon University Cyrus Imap Server 2.3.6
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.6
  • Carnegie Mellon University Cyrus Imap Server 2.3.7
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.7
  • Carnegie Mellon University Cyrus Imap Server 2.3.8
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.8
  • Carnegie Mellon University Cyrus Imap Server 2.3.9
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.9
  • Carnegie Mellon University Cyrus Imap Server 2.3.10
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.10
  • Carnegie Mellon University Cyrus Imap Server 2.3.11
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.11
  • Carnegie Mellon University Cyrus Imap Server 2.3.12
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.12
  • Carnegie Mellon University Cyrus Imap Server 2.3.13
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.13
  • Carnegie Mellon University Cyrus Imap Server 2.3.14
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.14
  • Carnegie Mellon University Cyrus Imap Server 2.3.15
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.15
  • Carnegie Mellon University Cyrus Imap Server 2.3.16
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.16
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.17
    cpe:2.3:a:cmu:cyrus_imap_server:2.3.17
  • Carnegie Mellon University Cyrus Imap Server 2.4.0
    cpe:2.3:a:cmu:cyrus_imap_server:2.4.0
  • Carnegie Mellon University Cyrus Imap Server 2.4.1
    cpe:2.3:a:cmu:cyrus_imap_server:2.4.1
  • Carnegie Mellon University Cyrus Imap Server 2.4.2
    cpe:2.3:a:cmu:cyrus_imap_server:2.4.2
  • Carnegie Mellon University Cyrus Imap Server 2.4.3
    cpe:2.3:a:cmu:cyrus_imap_server:2.4.3
  • Carnegie Mellon University Cyrus Imap Server 2.4.4
    cpe:2.3:a:cmu:cyrus_imap_server:2.4.4
  • Carnegie Mellon University Cyrus Imap Server 2.4.5
    cpe:2.3:a:cmu:cyrus_imap_server:2.4.5
  • Carnegie Mellon University Cyrus Imap Server 2.4.6
    cpe:2.3:a:cmu:cyrus_imap_server:2.4.6
  • Carnegie Mellon University Cyrus Imap Server 2.4.7
    cpe:2.3:a:cmu:cyrus_imap_server:2.4.7
  • Carnegie Mellon University Cyrus Imap Server 2.4.8
    cpe:2.3:a:cmu:cyrus_imap_server:2.4.8
  • Carnegie Mellon University Cyrus Imap Server 2.4.9
    cpe:2.3:a:cmu:cyrus_imap_server:2.4.9
  • Carnegie Mellon University Cyrus Imap Server 2.4.10
    cpe:2.3:a:cmu:cyrus_imap_server:2.4.10
CVSS
Base: 4.3 (as of 14-09-2011 - 14:32)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-16 (Cyrus IMAP Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Cyrus IMAP Server. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated local or remote attacker may be able to execute arbitrary code with the privileges of the Cyrus IMAP Server process or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56591
    published 2011-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56591
    title GLSA-201110-16 : Cyrus IMAP Server: Multiple vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20111201_CYRUS_IMAPD_ON_SL4_X.NASL
    description The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. (CVE-2011-3372) A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. (CVE-2011-3481) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, cyrus-imapd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61182
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61182
    title Scientific Linux Security Update : cyrus-imapd on SL4.x, SL5.x, SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_CYRUS-IMAPD-111005.NASL
    description An authentication bypass (CVE-2011-3372) and a DoS vulnerability (CVE-2011-3481) have been fixed in the Cyrus IMAPd nntpd.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 57096
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57096
    title SuSE 11.1 Security Update : cyrus-imapd (SAT Patch Number 5233)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-1508.NASL
    description From Red Hat Security Advisory 2011:1508 : Updated cyrus-imapd packages that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. (CVE-2011-3372) A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. (CVE-2011-3481) Red Hat would like to thank the Cyrus IMAP project for reporting the CVE-2011-3372 issue. Upstream acknowledges Stefan Cornelius of Secunia Research as the original reporter of CVE-2011-3372. Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, cyrus-imapd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68397
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68397
    title Oracle Linux 4 / 5 / 6 : cyrus-imapd (ELSA-2011-1508)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1508.NASL
    description Updated cyrus-imapd packages that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. (CVE-2011-3372) A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. (CVE-2011-3481) Red Hat would like to thank the Cyrus IMAP project for reporting the CVE-2011-3372 issue. Upstream acknowledges Stefan Cornelius of Secunia Research as the original reporter of CVE-2011-3372. Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, cyrus-imapd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 56991
    published 2011-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56991
    title RHEL 4 / 5 / 6 : cyrus-imapd (RHSA-2011:1508)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_CYRUS-IMAPD-111005.NASL
    description An authentication bypass (CVE-2011-3372) and a DoS vulnerability (CVE-2011-3481) have been fixed in the Cyrus IMAPd nntpd.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75459
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75459
    title openSUSE Security Update : cyrus-imapd (openSUSE-SU-2011:1170-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CYRUS-IMAPD-7786.NASL
    description An authentication bypass (CVE-2011-3372) and a DoS vulnerability (CVE-2011-3481) have been fixed in the Cyrus IMAPd nntpd.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 56605
    published 2011-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56605
    title SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7786)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_CYRUS-IMAPD-111005.NASL
    description An authentication bypass (CVE-2011-3372) and a DoS vulnerability (CVE-2011-3481) have been fixed in the Cyrus IMAPd nntpd.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75811
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75811
    title openSUSE Security Update : cyrus-imapd (openSUSE-SU-2011:1170-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2377.NASL
    description It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, is not properly parsing mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced which crashes the daemon. An attacker can trigger this by sending a mail containing crafted reference headers and access the mail with a client that uses the server threading feature of IMAP.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57517
    published 2012-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57517
    title Debian DSA-2377-1 : cyrus-imapd-2.2 - NULL pointer dereference
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2011-27.NASL
    description An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. (CVE-2011-3372) A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. (CVE-2011-3481)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69586
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69586
    title Amazon Linux AMI : cyrus-imapd (ALAS-2011-27)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CYRUS-IMAPD-7785.NASL
    description An authentication bypass (CVE-2011-3372) and a DoS vulnerability (CVE-2011-3481) have been fixed in the Cyrus IMAPd nntpd.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 57176
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57176
    title SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7785)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-1508.NASL
    description Updated cyrus-imapd packages that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. (CVE-2011-3372) A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. (CVE-2011-3481) Red Hat would like to thank the Cyrus IMAP project for reporting the CVE-2011-3372 issue. Upstream acknowledges Stefan Cornelius of Secunia Research as the original reporter of CVE-2011-3372. Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, cyrus-imapd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 56985
    published 2011-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56985
    title CentOS 4 / 5 : cyrus-imapd (CESA-2011:1508)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-037.NASL
    description A vulnerability has been found and corrected in cyrus-imapd : The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message (CVE-2011-3481). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 58476
    published 2012-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58476
    title Mandriva Linux Security Advisory : cyrus-imapd (MDVSA-2012:037)
redhat via4
advisories
bugzilla
id 740822
title CVE-2011-3372 cyrus-imapd: nntpd authentication bypass
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment cyrus-imapd is earlier than 0:2.2.12-17.el4
          oval oval:com.redhat.rhsa:tst:20111508002
        • comment cyrus-imapd is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116003
      • AND
        • comment cyrus-imapd-devel is earlier than 0:2.2.12-17.el4
          oval oval:com.redhat.rhsa:tst:20111508006
        • comment cyrus-imapd-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116005
      • AND
        • comment cyrus-imapd-murder is earlier than 0:2.2.12-17.el4
          oval oval:com.redhat.rhsa:tst:20111508012
        • comment cyrus-imapd-murder is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116007
      • AND
        • comment cyrus-imapd-nntp is earlier than 0:2.2.12-17.el4
          oval oval:com.redhat.rhsa:tst:20111508004
        • comment cyrus-imapd-nntp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116013
      • AND
        • comment cyrus-imapd-utils is earlier than 0:2.2.12-17.el4
          oval oval:com.redhat.rhsa:tst:20111508010
        • comment cyrus-imapd-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116011
      • AND
        • comment perl-Cyrus is earlier than 0:2.2.12-17.el4
          oval oval:com.redhat.rhsa:tst:20111508008
        • comment perl-Cyrus is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116009
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment cyrus-imapd is earlier than 0:2.3.16-6.el6_1.4
          oval oval:com.redhat.rhsa:tst:20111508018
        • comment cyrus-imapd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110859028
      • AND
        • comment cyrus-imapd-devel is earlier than 0:2.3.16-6.el6_1.4
          oval oval:com.redhat.rhsa:tst:20111508020
        • comment cyrus-imapd-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110859032
      • AND
        • comment cyrus-imapd-utils is earlier than 0:2.3.16-6.el6_1.4
          oval oval:com.redhat.rhsa:tst:20111508022
        • comment cyrus-imapd-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110859030
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment cyrus-imapd is earlier than 0:2.3.7-12.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111508025
        • comment cyrus-imapd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091116016
      • AND
        • comment cyrus-imapd-devel is earlier than 0:2.3.7-12.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111508029
        • comment cyrus-imapd-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091116020
      • AND
        • comment cyrus-imapd-perl is earlier than 0:2.3.7-12.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111508027
        • comment cyrus-imapd-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091116022
      • AND
        • comment cyrus-imapd-utils is earlier than 0:2.3.7-12.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111508031
        • comment cyrus-imapd-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091116018
rhsa
id RHSA-2011:1508
released 2011-12-01
severity Moderate
title RHSA-2011:1508: cyrus-imapd security update (Moderate)
rpms
  • cyrus-imapd-0:2.2.12-17.el4
  • cyrus-imapd-devel-0:2.2.12-17.el4
  • cyrus-imapd-murder-0:2.2.12-17.el4
  • cyrus-imapd-nntp-0:2.2.12-17.el4
  • cyrus-imapd-utils-0:2.2.12-17.el4
  • perl-Cyrus-0:2.2.12-17.el4
  • cyrus-imapd-0:2.3.16-6.el6_1.4
  • cyrus-imapd-devel-0:2.3.16-6.el6_1.4
  • cyrus-imapd-utils-0:2.3.16-6.el6_1.4
  • cyrus-imapd-0:2.3.7-12.el5_7.2
  • cyrus-imapd-devel-0:2.3.7-12.el5_7.2
  • cyrus-imapd-perl-0:2.3.7-12.el5_7.2
  • cyrus-imapd-utils-0:2.3.7-12.el5_7.2
refmap via4
confirm
mandriva MDVSA-2012:037
xf cyrus-imap-indexgetids-dos(69842)
Last major update 28-12-2011 - 23:13
Published 14-09-2011 - 13:17
Last modified 30-10-2018 - 12:26
Back to Top