ID CVE-2011-3481
Summary The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
References
Vulnerable Configurations
  • cpe:2.3:a:cmu:cyrus_imap_server:2.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.2.13p1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.12:p1:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.12:p2:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.12p1:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.3.12p2:*:*:*:*:*:*:*
  • cpe:2.3:a:cmu:cyrus_imap_server:2.4.10:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 740822
title CVE-2011-3372 cyrus-imapd: nntpd authentication bypass
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment cyrus-imapd is earlier than 0:2.2.12-17.el4
          oval oval:com.redhat.rhsa:tst:20111508001
        • comment cyrus-imapd is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116002
      • AND
        • comment cyrus-imapd-devel is earlier than 0:2.2.12-17.el4
          oval oval:com.redhat.rhsa:tst:20111508003
        • comment cyrus-imapd-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116004
      • AND
        • comment cyrus-imapd-murder is earlier than 0:2.2.12-17.el4
          oval oval:com.redhat.rhsa:tst:20111508005
        • comment cyrus-imapd-murder is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116006
      • AND
        • comment cyrus-imapd-nntp is earlier than 0:2.2.12-17.el4
          oval oval:com.redhat.rhsa:tst:20111508007
        • comment cyrus-imapd-nntp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116008
      • AND
        • comment cyrus-imapd-utils is earlier than 0:2.2.12-17.el4
          oval oval:com.redhat.rhsa:tst:20111508009
        • comment cyrus-imapd-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116010
      • AND
        • comment perl-Cyrus is earlier than 0:2.2.12-17.el4
          oval oval:com.redhat.rhsa:tst:20111508011
        • comment perl-Cyrus is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116012
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment cyrus-imapd is earlier than 0:2.3.16-6.el6_1.4
          oval oval:com.redhat.rhsa:tst:20111508014
        • comment cyrus-imapd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110859024
      • AND
        • comment cyrus-imapd-devel is earlier than 0:2.3.16-6.el6_1.4
          oval oval:com.redhat.rhsa:tst:20111508016
        • comment cyrus-imapd-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110859026
      • AND
        • comment cyrus-imapd-utils is earlier than 0:2.3.16-6.el6_1.4
          oval oval:com.redhat.rhsa:tst:20111508018
        • comment cyrus-imapd-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110859028
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment cyrus-imapd is earlier than 0:2.3.7-12.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111508021
        • comment cyrus-imapd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091116015
      • AND
        • comment cyrus-imapd-devel is earlier than 0:2.3.7-12.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111508023
        • comment cyrus-imapd-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091116017
      • AND
        • comment cyrus-imapd-perl is earlier than 0:2.3.7-12.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111508025
        • comment cyrus-imapd-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091116019
      • AND
        • comment cyrus-imapd-utils is earlier than 0:2.3.7-12.el5_7.2
          oval oval:com.redhat.rhsa:tst:20111508027
        • comment cyrus-imapd-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091116021
rhsa
id RHSA-2011:1508
released 2011-12-01
severity Moderate
title RHSA-2011:1508: cyrus-imapd security update (Moderate)
rpms
  • cyrus-imapd-0:2.2.12-17.el4
  • cyrus-imapd-0:2.3.16-6.el6_1.4
  • cyrus-imapd-0:2.3.7-12.el5_7.2
  • cyrus-imapd-debuginfo-0:2.2.12-17.el4
  • cyrus-imapd-debuginfo-0:2.3.16-6.el6_1.4
  • cyrus-imapd-debuginfo-0:2.3.7-12.el5_7.2
  • cyrus-imapd-devel-0:2.2.12-17.el4
  • cyrus-imapd-devel-0:2.3.16-6.el6_1.4
  • cyrus-imapd-devel-0:2.3.7-12.el5_7.2
  • cyrus-imapd-murder-0:2.2.12-17.el4
  • cyrus-imapd-nntp-0:2.2.12-17.el4
  • cyrus-imapd-perl-0:2.3.7-12.el5_7.2
  • cyrus-imapd-utils-0:2.2.12-17.el4
  • cyrus-imapd-utils-0:2.3.16-6.el6_1.4
  • cyrus-imapd-utils-0:2.3.7-12.el5_7.2
  • perl-Cyrus-0:2.2.12-17.el4
refmap via4
confirm
mandriva MDVSA-2012:037
xf cyrus-imap-indexgetids-dos(69842)
Last major update 30-10-2018 - 16:26
Published 14-09-2011 - 17:17
Last modified 30-10-2018 - 16:26