CVE-2011-1926

2011-05-2322:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-1926

cyrus imap server

starttls

i/o buffering

man-in-the-middle attack

plaintext command injection

nvd

9.4 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.1%

JSON

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a “plaintext command injection” attack, a similar issue to CVE-2011-0411.

CPENameOperatorVersion
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.12
cmu:cyrus_imap_servercmu cyrus imap servereq2.3.13
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.13p1
cmu:cyrus_imap_servercmu cyrus imap servereq2.3.12
cmu:cyrus_imap_servercmu cyrus imap servereq2.4.1
cmu:cyrus_imap_servercmu cyrus imap servereq2.1.17
cmu:cyrus_imap_servercmu cyrus imap servereq2.4.5
cmu:cyrus_imap_servercmu cyrus imap servereq2.3.6
cmu:cyrus_imap_servercmu cyrus imap servereq2.3.0
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.11

CPE	Name	Operator	Version
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.12
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.3.13
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.13p1
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.3.12
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.4.1
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.1.17
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.4.5
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.3.6
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.3.0
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.11