bypass access restrictions for some commands
Bug #880909 reported by
Dave Walker
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cyrus-imapd-2.2 (Ubuntu) |
Confirmed
|
Medium
|
Unassigned | ||
Hardy |
Won't Fix
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Unassigned | ||
Maverick |
Fix Released
|
Medium
|
Unassigned | ||
Natty |
Won't Fix
|
Medium
|
Unassigned | ||
Oneiric |
Won't Fix
|
Medium
|
Unassigned | ||
Precise |
Won't Fix
|
Medium
|
Unassigned | ||
cyrus-imapd-2.4 (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Hardy |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Maverick |
Invalid
|
Undecided
|
Unassigned | ||
Natty |
Invalid
|
Undecided
|
Unassigned | ||
Oneiric |
Won't Fix
|
Undecided
|
Unassigned | ||
Precise |
Won't Fix
|
Undecided
|
Unassigned | ||
kolab-cyrus-imapd (Ubuntu) |
Confirmed
|
Medium
|
Unassigned | ||
Hardy |
Won't Fix
|
Medium
|
Unassigned | ||
Lucid |
Won't Fix
|
Medium
|
Unassigned | ||
Maverick |
Won't Fix
|
Medium
|
Unassigned | ||
Natty |
Won't Fix
|
Medium
|
Unassigned | ||
Oneiric |
Won't Fix
|
Medium
|
Unassigned | ||
Precise |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
the command processing of the NNTP server implementation (nttpd) of
cyrus-imapd is not properly implementing access restrictions for certain
commands and is not checking for a complete, successful authentication.
An attacker can use this flaw to bypass access restrictions for some
commands and, e.g. exploit CVE-2011-3208 without proper authentication.
http://
CVE References
visibility: | private → public |
Changed in cyrus-imapd-2.2 (Ubuntu Lucid): | |
status: | New → Fix Released |
Changed in cyrus-imapd-2.2 (Ubuntu Maverick): | |
status: | New → Fix Released |
Changed in cyrus-imapd-2.2 (Ubuntu Hardy): | |
status: | New → Confirmed |
Changed in cyrus-imapd-2.2 (Ubuntu Natty): | |
status: | New → Confirmed |
Changed in cyrus-imapd-2.2 (Ubuntu Oneiric): | |
status: | New → Confirmed |
Changed in cyrus-imapd-2.2 (Ubuntu Precise): | |
status: | New → Confirmed |
Changed in cyrus-imapd-2.2 (Ubuntu Hardy): | |
importance: | Undecided → Medium |
Changed in cyrus-imapd-2.2 (Ubuntu Lucid): | |
importance: | Undecided → Medium |
Changed in cyrus-imapd-2.2 (Ubuntu Maverick): | |
importance: | Undecided → Medium |
Changed in cyrus-imapd-2.2 (Ubuntu Natty): | |
importance: | Undecided → Medium |
Changed in cyrus-imapd-2.2 (Ubuntu Oneiric): | |
importance: | Undecided → Medium |
Changed in cyrus-imapd-2.2 (Ubuntu Precise): | |
importance: | Undecided → Medium |
Changed in cyrus-imapd-2.4 (Ubuntu Hardy): | |
status: | New → Fix Released |
Changed in cyrus-imapd-2.4 (Ubuntu Lucid): | |
status: | New → Fix Released |
Changed in cyrus-imapd-2.4 (Ubuntu Maverick): | |
status: | New → Fix Released |
Changed in cyrus-imapd-2.4 (Ubuntu Natty): | |
status: | New → Fix Released |
Changed in cyrus-imapd-2.4 (Ubuntu Oneiric): | |
status: | New → Confirmed |
Changed in cyrus-imapd-2.4 (Ubuntu Precise): | |
status: | New → Confirmed |
Changed in cyrus-imapd-2.4 (Ubuntu Hardy): | |
status: | Fix Released → Invalid |
Changed in cyrus-imapd-2.4 (Ubuntu Lucid): | |
status: | Fix Released → Invalid |
Changed in cyrus-imapd-2.4 (Ubuntu Maverick): | |
status: | Fix Released → Invalid |
Changed in cyrus-imapd-2.4 (Ubuntu Natty): | |
status: | Fix Released → Invalid |
Changed in kolab-cyrus-imapd (Ubuntu Lucid): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in kolab-cyrus-imapd (Ubuntu Maverick): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in kolab-cyrus-imapd (Ubuntu Natty): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in kolab-cyrus-imapd (Ubuntu Oneiric): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in kolab-cyrus-imapd (Ubuntu Precise): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in kolab-cyrus-imapd (Ubuntu Hardy): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in cyrus-imapd-2.2 (Ubuntu Natty): | |
status: | Confirmed → Won't Fix |
Changed in cyrus-imapd-2.2 (Ubuntu Hardy): | |
status: | Confirmed → Won't Fix |
Changed in kolab-cyrus-imapd (Ubuntu Oneiric): | |
status: | Confirmed → Won't Fix |
Changed in cyrus-imapd-2.2 (Ubuntu Precise): | |
status: | Confirmed → Won't Fix |
Changed in kolab-cyrus-imapd (Ubuntu Precise): | |
status: | Confirmed → Won't Fix |
To post a comment you must log in.
Thank you for reporting this bug to Ubuntu. maverick has reached EOL /wiki.ubuntu. com/Releases for currently supported Ubuntu
(End of Life) and is no longer supported. As a result, this bug
against maverick is being marked "Won't Fix". Please see
https:/
releases.
Please feel free to report any other bugs you may find.