CVE-2011-3372
Published: 24 December 2011
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
Priority
Status
Package | Release | Status |
---|---|---|
cyrus-imapd-2.2 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(2.2.13-19squeeze2build0.10.04.1)
|
|
maverick |
Released
(2.2.13-19squeeze2build0.10.10.1)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
Patches: vendor: http://anonscm.debian.org/gitweb/?p=pkg-cyrus-imapd/cyrus-imapd-2.2.git;a=blob;f=debian/patches/fix-authentication-bypass-in-nntpd.patch;h=471da177a78818fcf9c26fba9ad29e809eba21ea;hb=0b1fdf9cfbd8f7101eddca1af88a3c5177be8ee5 vendor: http://www.debian.org/security/2011/dsa-2318 |
||
cyrus-imapd-2.4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Not vulnerable
(2.4.12-2)
|
|
quantal |
Not vulnerable
(2.4.16-1)
|
|
raring |
Not vulnerable
(2.4.16-1)
|
|
saucy |
Not vulnerable
(2.4.16-1)
|
|
trusty |
Does not exist
(trusty was not-affected [2.4.16-1])
|
|
upstream |
Released
(2.4.12)
|
|
utopic |
Not vulnerable
(2.4.16-1)
|
|
vivid |
Not vulnerable
(2.4.16-1)
|
|
wily |
Not vulnerable
(2.4.16-1)
|
|
xenial |
Not vulnerable
(2.4.16-1)
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
kolab-cyrus-imapd Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|