STARTTLS implementation allows MITM
Bug #880924 reported by
Dave Walker
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cyrus-imapd-2.2 (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Hardy |
Won't Fix
|
High
|
Unassigned | ||
Lucid |
Fix Released
|
High
|
Unassigned | ||
Maverick |
Fix Released
|
High
|
Unassigned | ||
Natty |
Invalid
|
High
|
Unassigned | ||
Oneiric |
Invalid
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Unassigned | ||
cyrus-imapd-2.4 (Ubuntu) |
Invalid
|
High
|
Unassigned | ||
Hardy |
Fix Released
|
High
|
Unassigned | ||
Lucid |
Fix Released
|
High
|
Unassigned | ||
Maverick |
Fix Released
|
High
|
Unassigned | ||
Natty |
Fix Released
|
High
|
Unassigned | ||
Oneiric |
Invalid
|
High
|
Unassigned | ||
Precise |
Invalid
|
High
|
Unassigned |
Bug Description
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not
properly restrict I/O buffering, which allows man-in-the-middle attackers
to insert commands into encrypted sessions by sending a cleartext command
that is processed after TLS is in place, related to a "plaintext command
injection" attack, a similar issue to CVE-2011-0411.
http://
CVE References
visibility: | private → public |
Changed in cyrus-imapd-2.2 (Ubuntu Lucid): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in cyrus-imapd-2.2 (Ubuntu Maverick): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in cyrus-imapd-2.2 (Ubuntu Hardy): | |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in cyrus-imapd-2.2 (Ubuntu Natty): | |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in cyrus-imapd-2.2 (Ubuntu Oneiric): | |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in cyrus-imapd-2.2 (Ubuntu Precise): | |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in cyrus-imapd-2.4 (Ubuntu Oneiric): | |
status: | New → Invalid |
importance: | Undecided → High |
Changed in cyrus-imapd-2.4 (Ubuntu Precise): | |
importance: | Undecided → High |
status: | New → Invalid |
Changed in cyrus-imapd-2.4 (Ubuntu Natty): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in cyrus-imapd-2.4 (Ubuntu Maverick): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in cyrus-imapd-2.4 (Ubuntu Lucid): | |
importance: | Undecided → High |
status: | New → Fix Released |
Changed in cyrus-imapd-2.4 (Ubuntu Hardy): | |
importance: | Undecided → High |
status: | New → Fix Released |
To post a comment you must log in.
cyrus-imapd-2.2 (2.2.13p1-11) unstable; urgency=low
* Fix CVE-2011-1926: STARTTLS plaintext command injection
vulnerability (VU#555316)
* Fix infinite loop in case of corrupted index files (Closes: #627078)
-- Ondřej Surý <email address hidden> Wed, 18 May 2011 10:43:58 +0200
... synced into precise with 2.2.13p1-15; although I might shortly remove this in favour of cyrus-imapd-2.4.