CVE-2011-1926 — Command Injection in Cyrus Imap Server

4 documents4 sources

Severity

5.1MEDIUMNVD

EPSS

4.9%

top 10.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

CMU Cyrus Imap Server

Timeline

PublishedMay 23

Latest updateMay 14

Description

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDcmu/cyrus_imap_server2.4.6+34

Patches

Patch: bugzilla.cyrusimap.org ↗Patch: bugzilla.cyrusimap.org ↗Patch: git.cyrusimap.org ↗

🔴Vulnerability Details

GHSA

GHSA-w7v6-vm58-fw22: The STARTTLS implementation in Cyrus IMAP Server before 2↗2022-05-14

▶

📋Vendor Advisories

Red Hat

cyrus-imapd: STARTTLS plaintext command injection↗2011-03-25

▶

💬Community

Bugzilla

CVE-2011-1926 cyrus-imapd: STARTTLS plaintext command injection↗2011-05-17

▶