CERTA-2002-AVI-280
Vulnerability from certfr_avis - Published: 2002-12-26 - Updated: 2003-01-06
Une vulnérabilité présente dans le serveur Cyrus IMAP permet à un utilisateur mal intentionné d'exécuter du code arbitraire à distance.
Description
Le serveur Cyrus IMAP permet à un utilisateur distant de récupérer ses messages électroniques via les protocoles IMAP, POP3 ou KPOP.
Une vulnérabilité de type débordement de mémoire présente dans le serveur Cyrus IMAP permet, sous certaines conditions, à un utilisateur distant d'éxécuter du code arbitraire sur la machine hébergeant le serveur vulnérable.
Il est à noter que cette vulnérabilité est exploitable avant la phase d'authentification.
Solution
La version 2.1.11 de Cyrus IMAP Server corrige cette vulnérabilité.
Cyrus IMAP Server versions 2.1.10 ou antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eCyrus IMAP Server versions 2.1.10 ou ant\u00e9rieures.\u003c/p\u003e",
"content": "## Description\n\nLe serveur Cyrus IMAP permet \u00e0 un utilisateur distant de r\u00e9cup\u00e9rer ses\nmessages \u00e9lectroniques via les protocoles IMAP, POP3 ou KPOP.\n\n \n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire pr\u00e9sente dans le\nserveur Cyrus IMAP permet, sous certaines conditions, \u00e0 un utilisateur\ndistant d\u0027\u00e9x\u00e9cuter du code arbitraire sur la machine h\u00e9bergeant le\nserveur vuln\u00e9rable.\n\nIl est \u00e0 noter que cette vuln\u00e9rabilit\u00e9 est exploitable avant la phase\nd\u0027authentification.\n\n## Solution\n\nLa version 2.1.11 de Cyrus IMAP Server corrige cette vuln\u00e9rabilit\u00e9.\n",
"cves": [],
"initial_release_date": "2002-12-26T00:00:00",
"last_revision_date": "2003-01-06T00:00:00",
"links": [
{
"title": "Avis de s\u00e9curit\u00e9 DSA-215 de Debian :",
"url": "http://www.debian.org/security/2002/dsa-215"
},
{
"title": "Site de Cyrus IMAP Server :",
"url": "http://asg.web.cmu.edu/cyrus/imapd/"
},
{
"title": "Note VU#740169 du CERT/CC :",
"url": "http://www.kb.cert.org/vuls/id/740169"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SuSE-SA:2002:048 de SuSE :",
"url": "http://www.suse.com/de/security/2002_048_cyrus_imapd.html"
}
],
"reference": "CERTA-2002-AVI-280",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2002-12-26T00:00:00.000000"
},
{
"description": "ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 SuSE-SA:2002:048 de SuSE.",
"revision_date": "2003-01-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans le serveur Cyrus IMAP permet \u00e0 un\nutilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 de Cyrus IMAP Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis de S\u00e9curit\u00e9 DSA-215 de Debian",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…