CVE-2011-1926

cyrus-imapd: STARTTLS plaintext command injection

Severity Score

5.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

La implementación STARTTLS en Cyrus IMAP Server anterior a v2.4.7 no restringe adecuadamente el búfer de Entrada/Salida, lo que permite ataques "man-in-the-middle" para insertar comandos en sesiones cifradas enviando un comando en texto claro que se procesa después de TLS en su lugar, relacionado con un ataque "inyección de comandos de texto claro", una tarea similar a CVE-2011-0411.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-05-09 CVE Reserved
2011-05-23 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (21)

URL	Tag	Source
http://secunia.com/advisories/44670	Third Party Advisory
http://secunia.com/advisories/44876	Third Party Advisory
http://secunia.com/advisories/44913	Third Party Advisory
http://secunia.com/advisories/44928	Third Party Advisory
http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php	X_refsource_confirm
http://www.kb.cert.org/vuls/id/555316	Third Party Advisory
http://www.securitytracker.com/id?1025625	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/67867	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423	2018-10-30
http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424	2018-10-30
http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162	2018-10-30
http://openwall.com/lists/oss-security/2011/05/17/15	2018-10-30
http://openwall.com/lists/oss-security/2011/05/17/2	2018-10-30
https://bugzilla.redhat.com/show_bug.cgi?id=705288	2011-06-08

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html	2018-10-30
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html	2018-10-30
http://www.debian.org/security/2011/dsa-2242	2018-10-30
http://www.debian.org/security/2011/dsa-2258	2018-10-30
http://www.mandriva.com/security/advisories?name=MDVSA-2011:100	2018-10-30
http://www.redhat.com/support/errata/RHSA-2011-0859.html	2018-10-30
https://access.redhat.com/security/cve/CVE-2011-1926	2011-06-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				<= 2.4.6 Search vendor "Cmu" for product "Cyrus Imap Server" and version " <= 2.4.6"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.0.17 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.0.17"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.1.16 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.1.16"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.1.17 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.1.17"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.1.18 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.1.18"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.2.8 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.2.8"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.2.9 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.2.9"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.2.10 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.2.10"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.2.11 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.2.11"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.2.12 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.2.12"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.2.13 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.2.13"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.2.13p1 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.2.13p1"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.0 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.0"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.1 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.1"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.2 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.2"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.3 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.3"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.4 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.4"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.5 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.5"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.6 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.6"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.7 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.7"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.8 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.8"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.9 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.9"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.10 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.10"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.11 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.11"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.12 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.12"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.13 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.13"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.14 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.14"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.15 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.15"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.3.16 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.3.16"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.4.0 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.4.0"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.4.1 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.4.1"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.4.2 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.4.2"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.4.3 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.4.3"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.4.4 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.4.4"		-		Affected
Cmu Search vendor "Cmu"		Cyrus Imap Server Search vendor "Cmu" for product "Cyrus Imap Server"				2.4.5 Search vendor "Cmu" for product "Cyrus Imap Server" and version "2.4.5"		-		Affected