CVE-2017-12843

Publication date 22 August 2017

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.

Read the notes from the security team

Status

Package Ubuntu Release Status
cyrus-imapd 17.04 zesty
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
cyrus-imapd-2.4 17.04 zesty Not in release
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release

Notes


sbeattie

flaw was introduced in 3.0.0.

Severity score breakdown

Parameter Value
Base score 6.5 · Medium
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact High
Availability impact None
Vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N