Gentoo FoundationMGASA-2020-0010Updated cyrus-imapd packages fix security vulnerability
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
44.9%
Updated cyrus-imapd packages fix security vulnerability: It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the “fileinto” was used, bypassing ACL checks (CVE-2019-19783).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 7 | noarch | cyrus-imapd | < 2.5.15-1 | cyrus-imapd-2.5.15-1.mga7 |
References
bugs.mageia.org/show_bug.cgi?id=25913
lists.fedoraproject.org/archives/list/[email protected]/thread/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/
www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.12.html
www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html
www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html
www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html
www.debian.org/security/2019/dsa-4590
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
44.9%