22 matches found
CLSA-2026-1777280127 cyrus-imapd: Fix of CVE-2021-33582
Fix CVE-2021-33582 - Denial of service via string hashing algorithm collisions...
MiracleLinux 3 : cyrus-imapd-2.3.7-12.AXS3.1 (AXSA:2011-318:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-318:02 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise...
MiracleLinux 3 : cyrus-imapd-2.3.7-2AXS3.2 (AXSA:2009-72:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-72:01 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise...
MiracleLinux 3 : cyrus-imapd-2.3.7-12.AXS3.2 (AXSA:2011-380:03)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-380:03 advisory. A full Cyrus IMAP implementation allows a seamless mail and bulletin board environment to be set up across multiple servers. It differs from other IM...
Linux Distros Unpatched Vulnerability : CVE-2015-8078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the indexurlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via...
SUSE CVE-2004-1011
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015...
SUSE CVE-2006-2502
Stack-based buffer overflow in pop3d in Cyrus IMAPD cyrus-imapd 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command...
SUSE CVE-2011-3208
Stack-based buffer overflow in the splitwildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command...
SUSE CVE-2015-8076
The indexurlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read...
SUSE CVE-2015-8077
Integer overflow in the indexurlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the startoctet variable. NOTE: this vulnerability exists because of an incomplete fix for...
SUSE CVE-2019-11356
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...
DEBIAN-CVE-2021-33582
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16...
Cyrus IMAP Cryptographic Issue Vulnerability
Cyrus IMAP is an open source mail server for the IMAP (Interactive Mail Access Protocol) protocol based on Unix and Linux operating systems. A cryptographic issue vulnerability exists in Cyrus IMAP that stems from the product's internal hash table not using a valid string encryption algorithm...
UBUNTU-CVE-2021-33582
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16...
UBUNTU-CVE-2021-32056
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall...
PT-2021-4099 · Unknown +1 · Cyrus Imap +1
Name of the Vulnerable Software and Affected Versions: Cyrus IMAP versions 3.2.7 and earlier, 3.3.x, and 3.4.x before 3.4.1. Description: The issue allows remote authenticated users to bypass intended access restrictions on server annotations, which can cause replication to stall. This is related ...
cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to...
DEBIAN-CVE-2019-19783
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to...
PT-2019-5233 · Cyrus +4 · Cyrus Imap +4
Name of the Vulnerable Software and Affected Versions: Cyrus IMAP versions prior to 2.5.15; Cyrus IMAP versions 3.0.x prior to 3.0.13; Cyrus IMAP versions 3.1.x through 3.1.8. Description: The issue is related to a lack of input validation mechanism in the Cyrus IMAP server, which can be exploited b...
DEBIAN-CVE-2019-18928
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...