4 results (0.005 seconds)

CVSS: 7.5EPSS: 26%CPEs: 40EXPL: 0

CVE-2011-3208 – cyrus-imapd: nntpd buffer overflow in split_wildmats()

https://notcve.org/view.php?id=CVE-2011-3208

Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. Desbordamiento de búfer basado en la pila en la función split_wildmats en nntpd.c en nntpd en el servidor Cyrus IMAP antes de la verison v2.3.17 y en v2.4.x antes de v2.4.11 permite a atacantes remotos ejecutar código de su elección mediante un comando NNTP debidamente modificado. • http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=199 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=200 http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html http://secunia.com/advisories/45938 http://secunia.com/advisories/45975 http://secunia.com/advisories • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 2%CPEs: 40EXPL: 0

CVE-2011-3481 – cyrus-imapd: NULL pointer dereference via crafted References header in email

https://notcve.org/view.php?id=CVE-2011-3481

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. La función index_get_ids en index.c en imapd del Servidor Cyrus IMAP antes de la versión v2.4.11, cuando multihilo en elado del servidor está activado, permite a atacantes remotos causar una denegación de servicio (puntero a NULL y caída del demonio) a través de una cabecera 'References' debidamente modifcada en un mensaje de correo electrónico. • http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772 http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463 http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5 http://www.mandriva.com/security/advisories?name=MDVSA-2012:037 http://www.redhat.com/support/errata/RHSA-2011-1508.html https://exchange.xforce.ibmcloud.com/vulnerabilities/69842 https://access.redhat.com/security/cve/CVE-2011-3481 https://bugzilla.redhat.com/show_bug.cgi? • CWE-476: NULL Pointer Dereference •

CVSS: 5.1EPSS: 1%CPEs: 35EXPL: 0

CVE-2011-1926 – cyrus-imapd: STARTTLS plaintext command injection

https://notcve.org/view.php?id=CVE-2011-1926

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. La implementación STARTTLS en Cyrus IMAP Server anterior a v2.4.7 no restringe adecuadamente el búfer de Entrada/Salida, lo que permite ataques "man-in-the-middle" para insertar comandos en sesiones cifradas enviando un comando en texto claro que se procesa después de TLS en su lugar, relacionado con un ataque "inyección de comandos de texto claro", una tarea similar a CVE-2011-0411. • http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423 http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424 http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html http://openwall.com/lists/oss-security/2011/05/17/15 http://openwall.com/lists/oss-security/2011/05/17/2 http://secunia.com/advisories/44670 ht • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2009-2632 – cyrus-imapd: buffer overflow in cyrus sieve

https://notcve.org/view.php?id=CVE-2009-2632

Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. Un desbordamiento de búfer en el componente script SIEVE (archivo sieve/script.c), tal y como es usado en cyrus-imapd en IMAP Server versiones 2.2.13 y 2.3.14, y Dovecot versiones 1.0 anteriores a 1.0.4 y versiones 1.1 anteriores a 1.1.7, de Cyrus, permite a los usuarios locales ejecutar código arbitrario y leer o modificar mensajes arbitrarios por medio de un script SIEVE diseñado, relacionado con el uso incorrecto del operador sizeof para determinar la longitud del búfer, combinado con un error de firma de enteros. • http://dovecot.org/list/dovecot-news/2009-September/000135.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://secunia.com/advisories/36629 http://secunia.com/advisories/36632 http://secunia.com/advisories/36698 http://secunia.com/advisories/36713 http://secunia.com/advisories/36904 http://support.apple.com/kb/HT4077 http://www.debian.org/security/2009/dsa-1881 http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •