CLSA-2026-1777280127 cyrus-imapd: Fix of CVE-2021-33582

Fix CVE-2021-33582 - Denial of service via string hashing algorithm collisions...

MiracleLinux 3 : cyrus-imapd-2.3.7-2AXS3.2 (AXSA:2009-72:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-72:01 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise...

MiracleLinux 3 : cyrus-imapd-2.3.7-12.AXS3.1 (AXSA:2011-318:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-318:02 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise...

MiracleLinux 3 : cyrus-imapd-2.3.7-12.AXS3.2 (AXSA:2011-380:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-380:03 advisory. A full Cyrus IMAP implementation allows a seamless mail and bulletin board environment to be set up across multiple servers. It differs from other IM...

Linux Distros Unpatched Vulnerability : CVE-2015-8078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the indexurlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via...

SUSE CVE-2004-1011

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long 1 PROXY or 2 LOGIN command, a different vulnerability than CVE-2004-1015...

SUSE CVE-2006-2502

Stack-based buffer overflow in pop3d in Cyrus IMAPD cyrus-imapd 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command...

SUSE CVE-2011-3208

Stack-based buffer overflow in the splitwildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command...

SUSE CVE-2015-8076

The indexurlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read...

SUSE CVE-2015-8077

Integer overflow in the indexurlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the startoctet variable. NOTE: this vulnerability exists because of an incomplete fix for...

SUSE CVE-2019-11356

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...

The vulnerability of the Cyrus IMAP mail server, related to the use of cryptographic algorithms containing defects, allows attackers to cause service failures.

The vulnerability of the Cyrus IMAP mail server lies in the ability to select a table element for data storage. Exploiting this vulnerability allows an attacker operating remotely to cause a service failure...

The vulnerability of the Cyrus IMAP mail server’s annotations relates to the improper assignment of permissions for critical resources, allowing a perpetrator to cause a service failure.

The vulnerability of the server annotation of the Cyrus IMAP mail server is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability can allow a malicious actor to cause service failures...

DEBIAN-CVE-2021-33582

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service multiple-minute daemon hang via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16...

UBUNTU-CVE-2021-33582

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service multiple-minute daemon hang via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16...

Cyrus IMAP 加密问题漏洞

Cyrus IMAP is an open source mail server for the IMAP Interactive Mail Access Protocol protocol based on Unix and Linux operating systems. A cryptographic issue vulnerability exists in Cyrus IMAP that stems from the product's internal hash table not using a valid string encryption algorithm...

UBUNTU-CVE-2021-32056

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall...

PT-2021-4099 · Unknown +1 · Cyrus Imap +1

Name of the Vulnerable Software and Affected Versions: Cyrus IMAP versions 3.2.7 and earlier, 3.3.x, and 3.4.x before 3.4.1 Description: The issue allows remote authenticated users to bypass intended access restrictions on server annotations, which can cause replication to stall. This is related ...

cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks

An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed 3.x or certain non-default sieve options are enabled 2.x, a user with a mail account on the service can use a sieve script containing a fileinto directive to...

The vulnerability of many elements of the Cyrus IMAP email server, related to the lack of mechanisms for checking input data, allows attackers to compromise the integrity of information.

The vulnerability of many elements of the Cyrus IMAP email server lies in the lack of mechanisms for checking entered data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of information...