CVE-2011-3481 - Unspecified vulnerability in CMU Cyrus Imap Server

Publication

2011-09-14

Last modification

2018-10-30

Summary

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

Description

Cyrus IMAP Server is prone to a remote denial-of-service vulnerability caused by a NULL-pointer dereference.Attackers can exploit this issue to cause the server to dereference an invalid memory location, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code-execution may be possible; however, this has not been confirmed.Versions prior to Cyrus IMAP Server 2.4.11 are vulnerable.

Solution

Updates are available. Please see the references for more information. Mandriva Linux Mandrake 2010.1 Mandriva cyrus-imapd-2.3.15-10.4mdv2010.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-devel-2.3.15-10.4mdv2010.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-murder-2.3.15-10.4mdv2010.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-nntp-2.3.15-10.4mdv2010.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-utils-2.3.15-10.4mdv2010.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva perl-Cyrus-2.3.15-10.4mdv2010.2.i586.rpm http://www.mandriva.com/en/downloads/ MandrakeSoft Enterprise Server 5 x86_64 Mandriva cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-devel-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-murder-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-nntp-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-utils-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva perl-Cyrus-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva Linux Mandrake 2011 x86_64 Mandriva cyrus-imapd-2.3.16-7.2-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-devel-2.3.16-7.2-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-murder-2.3.16-7.2-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-nntp-2.3.16-7.2-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-utils-2.3.16-7.2-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva perl-Cyrus-2.3.16-7.2-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva Linux Mandrake 2011 Mandriva cyrus-imapd-2.3.16-7.2-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-devel-2.3.16-7.2-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-murder-2.3.16-7.2-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-nntp-2.3.16-7.2-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-utils-2.3.16-7.2-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva perl-Cyrus-2.3.16-7.2-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/ MandrakeSoft Enterprise Server 5 Mandriva cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-devel-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-murder-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-nntp-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-utils-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva perl-Cyrus-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva Linux Mandrake 2010.1 x86_64 Mandriva cyrus-imapd-2.3.15-10.4mdv2010.2.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-devel-2.3.15-10.4mdv2010.2.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-murder-2.3.15-10.4mdv2010.2.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-nntp-2.3.15-10.4mdv2010.2.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva cyrus-imapd-utils-2.3.15-10.4mdv2010.2.x86_64.rpm http://www.mandriva.com/en/downloads/ Mandriva perl-Cyrus-2.3.15-10.4mdv2010.2.x86_64.rpm http://www.mandriva.com/en/downloads/

Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Risk level (CVSS AV:N/AC:M/Au:N/C:N/I:N/A:P)

Medium

4.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products