7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
cyrus-imapd is vulnerable to arbitrary code execution. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user.
asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=199
asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=200
git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d
git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd
lists.opensuse.org/opensuse-updates/2011-09/msg00019.html
secunia.com/advisories/45938
secunia.com/advisories/45975
secunia.com/advisories/46064
securitytracker.com/id?1026031
www.debian.org/security/2011/dsa-2318
www.mandriva.com/security/advisories?name=MDVSA-2011:149
www.osvdb.org/75307
www.redhat.com/support/errata/RHSA-2011-1317.html
www.securityfocus.com/bid/49534
access.redhat.com/errata/RHSA-2011:1317
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=734926
exchange.xforce.ibmcloud.com/vulnerabilities/69679
hermes.opensuse.org/messages/11723935