Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_4_CYRUS-IMAPD-110620.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : cyrus-imapd (openSUSE-SU-2011:0800-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
CVSS2
5.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
0.011
Percentile
84.3%
cyrus-imapd recognized commands before switching to an encrypted channel via STARTTLS. Attackers could potentially exploit that to inject plain text commands (CVE-2011-1926).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update cyrus-imapd-4736.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75809);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2011-1926");
script_name(english:"openSUSE Security Update : cyrus-imapd (openSUSE-SU-2011:0800-1)");
script_summary(english:"Check for the cyrus-imapd-4736 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"cyrus-imapd recognized commands before switching to an encrypted
channel via STARTTLS. Attackers could potentially exploit that to
inject plain text commands (CVE-2011-1926)."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=694247"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2011-07/msg00024.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected cyrus-imapd packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cyrus-imapd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cyrus-imapd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cyrus-imapd-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cyrus-imapd-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-Cyrus-IMAP");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-Cyrus-IMAP-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-Cyrus-SIEVE-managesieve");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-Cyrus-SIEVE-managesieve-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
script_set_attribute(attribute:"patch_publication_date", value:"2011/06/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.4", reference:"cyrus-imapd-2.3.16-16.17.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"cyrus-imapd-debuginfo-2.3.16-16.17.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"cyrus-imapd-debugsource-2.3.16-16.17.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"cyrus-imapd-devel-2.3.16-16.17.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"perl-Cyrus-IMAP-2.3.16-16.17.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"perl-Cyrus-IMAP-debuginfo-2.3.16-16.17.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"perl-Cyrus-SIEVE-managesieve-2.3.16-16.17.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.16-16.17.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-imapd / cyrus-imapd-devel / perl-Cyrus-IMAP / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | cyrus-imapd | p-cpe:/a:novell:opensuse:cyrus-imapd |
| novell | opensuse | cyrus-imapd-debuginfo | p-cpe:/a:novell:opensuse:cyrus-imapd-debuginfo |
| novell | opensuse | cyrus-imapd-debugsource | p-cpe:/a:novell:opensuse:cyrus-imapd-debugsource |
| novell | opensuse | cyrus-imapd-devel | p-cpe:/a:novell:opensuse:cyrus-imapd-devel |
| novell | opensuse | perl-cyrus-imap | p-cpe:/a:novell:opensuse:perl-cyrus-imap |
| novell | opensuse | perl-cyrus-imap-debuginfo | p-cpe:/a:novell:opensuse:perl-cyrus-imap-debuginfo |
| novell | opensuse | perl-cyrus-sieve-managesieve | p-cpe:/a:novell:opensuse:perl-cyrus-sieve-managesieve |
| novell | opensuse | perl-cyrus-sieve-managesieve-debuginfo | p-cpe:/a:novell:opensuse:perl-cyrus-sieve-managesieve-debuginfo |
| novell | opensuse | 11.4 | cpe:/o:novell:opensuse:11.4 |
Related
nessus
nessus
Debian DSA-2242-1 : cyrus-imapd-2.2 - implementation error
2011-06-10 00:00:00
Fedora 14 : cyrus-imapd-2.3.16-8.fc14 (2011-7217)
2011-06-12 00:00:00
SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7584)
2011-07-19 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: cyrus-imapd-2.3.16-5.fc13
2011-06-11 04:34:18
[SECURITY] Fedora 14 Update: cyrus-imapd-2.3.16-8.fc14
2011-06-11 04:24:35
[SECURITY] Fedora 14 Update: cyrus-imapd-2.3.18-1.fc14
2011-10-13 23:51:49
openvas
openvas
CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
2012-07-30 00:00:00
CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
2011-08-09 00:00:00
Oracle: Security Advisory (ELSA-2011-0859)
2015-10-06 00:00:00
oraclelinux
oraclelinux
cyrus-imapd security update
2011-06-08 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 01:03:51
debian
debian
[SECURITY] [DSA 2242-1] cyrus-imapd-2.2 security update
2011-05-25 19:56:25
[SECURITY] [DSA 2258-1] kolab-cyrus-imapd security update
2011-06-11 16:51:16
centos
centos
cyrus, perl security update
2011-06-08 20:42:26
redhat
redhat
(RHSA-2011:0859) Moderate: cyrus-imapd security update
2011-06-08 00:00:00
nvd
nvd
CVE-2011-1926
2011-05-23 22:55:01
prion
prion
Command injection
2011-05-23 22:55:00
ubuntucve
ubuntucve
CVE-2011-1926
2011-05-23 00:00:00
cvelist
cvelist
CVE-2011-1926
2011-05-23 22:00:00
securityvulns
securityvulns
[ MDVSA-2011:100 ] cyrus-imapd
2011-05-25 00:00:00
STARTTLS vulnerability in different mail applications
2012-10-04 00:00:00
cve
cve
CVE-2011-1926
2011-05-23 22:55:01
CVSS2
5.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
0.011
Percentile
84.3%
Related for SUSE_11_4_CYRUS-IMAPD-110620.NASL