CLSA-2025-1738170525 Fix CVE(s): CVE-2019-18928

SECURITY UPDATE: Privilege escalation via HTTP request interpretation - debian/patches/CVE-2019-18928.patch: drop auth credentials if not a backend in a Murder to prevent unauthorized access - CVE-2019-18928...

CVE-2019-18928

creationtimestamp| type| source ---|---|--- 2024-02-20 16:22:29+00:00| seen| https://t.me/ctinow/188654...

CentOS 8 : cyrus-imapd (CESA-2020:4655)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4655 advisory. - cyrus-imapd: privilege escalation in HTTP request CVE-2019-18928 - cyrus-imapd: lmtpd component created mailboxes with administrator privileges if th...

Moderate: Red Hat Security Advisory: cyrus-imapd security update

An update for cyrus-imapd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

RHEL 8 : cyrus-imapd (RHSA-2020:4655)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4655 advisory. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fixes: cyrus-imapd:...

Moderate: cyrus-imapd security update

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fixes: cyrus-imapd: privilege escalation in HTTP request CVE-2019-18928 cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the "fileinto" was used,...

Fedora 30 : cyrus-imapd (2019-393e1cef4d)

Update to version 3.0.12 of cyrus-imapd, which includes among other fixes a fix for CVE-2019-18928. https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.htm l Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

Fedora 31 : cyrus-imapd (2019-03be160f9c)

Update to version 3.0.12 of cyrus-imapd, which includes among other fixes a fix for CVE-2019-18928. https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.htm l Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

Security fix for the ALT Linux 8 package cyrus-imapd version 2.5.14-alt0.M80P.1

2.5.14-alt0.M80P.1 built Nov. 22, 2019 Sergey Y. Afonin in task 240906 Nov. 17, 2019 Sergey Y. Afonin - 2.5.14 fixes: CVE-2019-18928 - logging of reached limits the patch from the https://github.com/cyrusimap/cyrus-imapd/issues/2913...

Security fix for the ALT Linux 9 package cyrus-imapd version 3.0.12-alt1

3.0.12-alt1 built Nov. 20, 2019 Sergey Y. Afonin in task 240896 Nov. 16, 2019 Sergey Y. Afonin - 3.0.12 fixes: CVE-2019-18928 - logging of reached limits the patch from the https://github.com/cyrusimap/cyrus-imapd/issues/2913...

Cyrus IMAP 2.5.x < 2.5.14, 3.0.x < 3.0.12 Privilege Escalation Vulnerability

Cyrus IMAP is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cyrus:imap"; if...

CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...

CVE-2019-18928

CVE-2019-18928 affects Cyrus IMAP server (Cyrus IMAPD) in 2.5.x before 2.5.14 and 3.x before 3.0.12. The vulnerability allows privilege escalation because an HTTP request may be interpreted in the authentication context of a previous request that arrived on the same connection. This is a server-s...