CVE-2011-3481

Published: 14/09/2011 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The index_get_ids function in index.c in imapd in Cyrus IMAP Server prior to 2.4.11, when server-side threading is enabled, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.

Vulnerable Product

cmu cyrus imap server 2.3.13

cmu cyrus imap server 2.3.9

cmu cyrus imap server 2.3.7

cmu cyrus imap server 2.3.8

cmu cyrus imap server 2.4.8

cmu cyrus imap server 2.0.17

cmu cyrus imap server 2.2.9

cmu cyrus imap server 2.2.8

cmu cyrus imap server

cmu cyrus imap server 2.3.17

cmu cyrus imap server 2.3.15

cmu cyrus imap server 2.3.2

cmu cyrus imap server 2.4.9

cmu cyrus imap server 2.4.0

cmu cyrus imap server 2.1.16

cmu cyrus imap server 2.4.7

cmu cyrus imap server 2.3.1

cmu cyrus imap server 2.3.0

cmu cyrus imap server 2.3.14

cmu cyrus imap server 2.3.16

cmu cyrus imap server 2.3.12

cmu cyrus imap server 2.3.5

cmu cyrus imap server 2.3.6

cmu cyrus imap server 2.1.18

cmu cyrus imap server 2.2.13p1

cmu cyrus imap server 2.3.10

cmu cyrus imap server 2.2.12

cmu cyrus imap server 2.2.11

cmu cyrus imap server 2.4.4

cmu cyrus imap server 2.4.6

cmu cyrus imap server 2.3.3

cmu cyrus imap server 2.3.4

cmu cyrus imap server 2.4.1

cmu cyrus imap server 2.4.2

cmu cyrus imap server 2.2.10

cmu cyrus imap server 2.1.17

cmu cyrus imap server 2.2.13

cmu cyrus imap server 2.3.11

cmu cyrus imap server 2.4.5

cmu cyrus imap server 2.4.3

Vendor Advisories

Synopsis: Moderate: cyrus-imapd security update. Type/Severity: Security Advisory: Moderate. Topic: Updated cyrus-imapd packages that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Commo ...

It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, is not properly parsing mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced which crashes the daemon. An attacker can trigger this by sending a mail containing crafted reference h ...

An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials (CVE-2011-3372). A NULL pointer dereference flaw was found i ...