Computer Security
[EN] securityvulns.ru no-pyccku


cyrus-imapd nntp server security vulnerabilities
Published:10.10.2011
Source:
SecurityVulns ID:11955
Type:remote
Threat Level:
6/10
Description:Buffer overflow, auuthentication bypass.
Affected:CYRUS : cyrus-imapd 2.3
 CYRUS : cyrus-imapd 2.4
CVE:CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.)
 CVE-2011-3208 (Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.)
Original documentdocumentSECUNIA, Secunia Research: Cyrus IMAPd NTTP Authentication Bypass Vulnerability (10.10.2011)
 documentDEBIAN, [SECURITY] [DSA 2318-1] cyrus-imapd-2.2 security update (10.10.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod