Published: 14/09/2011 Updated: 30/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server prior to 2.3.17 and 2.4.x prior to 2.4.11 allows remote malicious users to execute arbitrary code via a crafted NNTP command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cmu cyrus imap server 2.0.17
cmu cyrus imap server 2.1.16
cmu cyrus imap server 2.2.11
cmu cyrus imap server 2.2.9
cmu cyrus imap server 2.3.1
cmu cyrus imap server 2.3.0
cmu cyrus imap server 2.3.11
cmu cyrus imap server 2.1.17
cmu cyrus imap server 2.1.18
cmu cyrus imap server 2.2.10
cmu cyrus imap server 2.2.8
cmu cyrus imap server 2.3.15
cmu cyrus imap server 2.3.13
cmu cyrus imap server 2.3.9
cmu cyrus imap server 2.3.10
cmu cyrus imap server 2.3.14
cmu cyrus imap server 2.2.14
cmu cyrus imap server 2.2.12
cmu cyrus imap server 2.3.4
cmu cyrus imap server 2.3.12
cmu cyrus imap server 2.3.7
cmu cyrus imap server 2.3.8
cmu cyrus imap server 2.2.13p1
cmu cyrus imap server 2.2.13
cmu cyrus imap server 2.3.2
cmu cyrus imap server 2.3.3
cmu cyrus imap server 2.3.5
cmu cyrus imap server 2.3.6
cmu cyrus imap server
cmu cyrus imap server 2.4.0
cmu cyrus imap server 2.4.1
cmu cyrus imap server 2.4.6
cmu cyrus imap server 2.4.2
cmu cyrus imap server 2.4.7
cmu cyrus imap server 2.4.10
cmu cyrus imap server 2.4.9
cmu cyrus imap server 2.4.3
cmu cyrus imap server 2.4.4
cmu cyrus imap server 2.4.8
cmu cyrus imap server 2.4.5

Multiple security issues have been discovered in cyrus-imapd, a highly scalable mail system designed for use in enterprise environments The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-3208 Coverity discovered a stack-based buffer overflow in the NNTP server implementation (nttpd) of cyrus-imapd ...

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user ...

CWE-119 http://www.osvdb.org/75307 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=199 http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d http://securitytracker.com/id?1026031 http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd https://bugzilla.redhat.com/show_bug.cgi?id=734926 http://secunia.com/advisories/45938 http://www.securityfocus.com/bid/49534 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=200 http://www.redhat.com/support/errata/RHSA-2011-1317.html http://secunia.com/advisories/45975 https://hermes.opensuse.org/messages/11723935 http://secunia.com/advisories/46064 http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:149 http://www.debian.org/security/2011/dsa-2318 https://exchange.xforce.ibmcloud.com/vulnerabilities/69679 https://nvd.nist.gov https://www.debian.org/security/./dsa-2318

CVE-2011-3208

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect