Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2011-0859

Опубликовано: 08 июн. 2011
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 5

Описание

ELSA-2011-0859: cyrus-imapd security update (MODERATE)

[2.3.16-6.2]

  • do not use strict aliasing

[2.3.16-6.1]

  • fix CVE-2011-1926: STARTTLS plaintext command injection vulnerability

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

cyrus-imapd

2.3.16-6.el6_1.2

cyrus-imapd-devel

2.3.16-6.el6_1.2

cyrus-imapd-utils

2.3.16-6.el6_1.2

Oracle Linux i686

cyrus-imapd

2.3.16-6.el6_1.2

cyrus-imapd-devel

2.3.16-6.el6_1.2

cyrus-imapd-utils

2.3.16-6.el6_1.2

Oracle Linux 5

Oracle Linux ia64

cyrus-imapd

2.3.7-7.0.1.el5_6.4

cyrus-imapd-devel

2.3.7-7.0.1.el5_6.4

cyrus-imapd-perl

2.3.7-7.0.1.el5_6.4

cyrus-imapd-utils

2.3.7-7.0.1.el5_6.4

Oracle Linux x86_64

cyrus-imapd

2.3.7-7.0.1.el5_6.4

cyrus-imapd-devel

2.3.7-7.0.1.el5_6.4

cyrus-imapd-perl

2.3.7-7.0.1.el5_6.4

cyrus-imapd-utils

2.3.7-7.0.1.el5_6.4

Oracle Linux i386

cyrus-imapd

2.3.7-7.0.1.el5_6.4

cyrus-imapd-devel

2.3.7-7.0.1.el5_6.4

cyrus-imapd-perl

2.3.7-7.0.1.el5_6.4

cyrus-imapd-utils

2.3.7-7.0.1.el5_6.4

Связанные CVE

CVE-2011-1926

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2011-1926

ubuntu
около 14 лет назад

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

redhat логотип

CVE-2011-1926

redhat
больше 14 лет назад

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

nvd логотип

CVE-2011-1926

nvd
около 14 лет назад

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

debian логотип

CVE-2011-1926

debian
около 14 лет назад

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not ...

github логотип

GHSA-w7v6-vm58-fw22

github
около 3 лет назад

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.