The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.

An authentication bypass (CVE-2011-3372) and a DoS vulnerability (CVE-2011-3481) have been fixed in the Cyrus IMAPd nntpd.

An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. (CVE-2011-3372)

A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. (CVE-2011-3481)

From Red Hat Security Advisory 2011:1508 :

Updated cyrus-imapd packages that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support.

An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. (CVE-2011-3372)

A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. (CVE-2011-3481)

Red Hat would like to thank the Cyrus IMAP project for reporting the CVE-2011-3372 issue. Upstream acknowledges Stefan Cornelius of Secunia Research as the original reporter of CVE-2011-3372.

Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, cyrus-imapd will be restarted automatically.

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support.

An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. (CVE-2011-3372)

A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. (CVE-2011-3481)

Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, cyrus-imapd will be restarted automatically.

A vulnerability has been found and corrected in cyrus-imapd :

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message (CVE-2011-3481).

The updated packages have been patched to correct this issue.

It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, is not properly parsing mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced which crashes the daemon. An attacker can trigger this by sending a mail containing crafted reference headers and access the mail with a client that uses the server threading feature of IMAP.

Updated cyrus-imapd packages that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support.

An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. (CVE-2011-3372)

A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. (CVE-2011-3481)

Red Hat would like to thank the Cyrus IMAP project for reporting the CVE-2011-3372 issue. Upstream acknowledges Stefan Cornelius of Secunia Research as the original reporter of CVE-2011-3372.

Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, cyrus-imapd will be restarted automatically.

The remote host is affected by the vulnerability described in GLSA-201110-16 (Cyrus IMAP Server: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in the Cyrus IMAP Server.
      Please review the CVE identifiers referenced below for details.
  Impact :

    An unauthenticated local or remote attacker may be able to execute       arbitrary code with the privileges of the Cyrus IMAP Server process or       cause a Denial of Service.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
75811	openSUSE Security Update : cyrus-imapd (openSUSE-SU-2011:1170-1)	Nessus	SuSE Local Security Checks	high
75459	openSUSE Security Update : cyrus-imapd (openSUSE-SU-2011:1170-1)	Nessus	SuSE Local Security Checks	high
69586	Amazon Linux AMI : cyrus-imapd (ALAS-2011-27)	Nessus	Amazon Linux Local Security Checks	high
68397	Oracle Linux 4 / 5 / 6 : cyrus-imapd (ELSA-2011-1508)	Nessus	Oracle Linux Local Security Checks	high
61182	Scientific Linux Security Update : cyrus-imapd on SL4.x, SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
58476	Mandriva Linux Security Advisory : cyrus-imapd (MDVSA-2012:037)	Nessus	Mandriva Local Security Checks	medium
57517	Debian DSA-2377-1 : cyrus-imapd-2.2 - NULL pointer dereference	Nessus	Debian Local Security Checks	medium
57176	SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7785)	Nessus	SuSE Local Security Checks	high
57096	SuSE 11.1 Security Update : cyrus-imapd (SAT Patch Number 5233)	Nessus	SuSE Local Security Checks	high
56991	RHEL 4 / 5 / 6 : cyrus-imapd (RHSA-2011:1508)	Nessus	Red Hat Local Security Checks	high
56985	CentOS 4 / 5 : cyrus-imapd (CESA-2011:1508)	Nessus	CentOS Local Security Checks	high
56605	SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7786)	Nessus	SuSE Local Security Checks	high
56591	GLSA-201110-16 : Cyrus IMAP Server: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high

Detections

Analytics

CVE-2011-3481

high

Tenable Plugins

high

high

high

high

high

medium

medium

high

high

high

high

high

high