Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Cmu
  • Cyrus Imap Server
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:cmu:cyrus_imap_server:*:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.1.17:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.1.18:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.2.13p1:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.13:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.15:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:cmu:cyrus_imap_server:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.4.10:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 4
cyrus-imapd-0:2.2.12-16.el4 cpe:/o:redhat:enterprise_linux:4 RHSA-2011:1317 2011-09-19T00:00:00Z
Red Hat Enterprise Linux 5
cyrus-imapd-0:2.3.7-12.el5_7.1 cpe:/o:redhat:enterprise_linux:5 RHSA-2011:1317 2011-09-19T00:00:00Z
Red Hat Enterprise Linux 6
cyrus-imapd-0:2.3.16-6.el6_1.3 cpe:/o:redhat:enterprise_linux:6 RHSA-2011:1317 2011-09-19T00:00:00Z
References
Link Providers
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=199 cve-icon cve-icon
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=200 cve-icon cve-icon
http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d cve-icon cve-icon
http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html cve-icon cve-icon
http://secunia.com/advisories/45938 cve-icon cve-icon
http://secunia.com/advisories/45975 cve-icon cve-icon
http://secunia.com/advisories/46064 cve-icon cve-icon
http://securitytracker.com/id?1026031 cve-icon cve-icon
http://www.debian.org/security/2011/dsa-2318 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2011:149 cve-icon cve-icon
http://www.osvdb.org/75307 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2011-1317.html cve-icon cve-icon
http://www.securityfocus.com/bid/49534 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=734926 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/69679 cve-icon cve-icon
https://hermes.opensuse.org/messages/11723935 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2011-3208 cve-icon
https://www.cve.org/CVERecord?id=CVE-2011-3208 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-09-14T17:00:00

Updated: 2024-08-06T23:29:56.064Z

Reserved: 2011-08-19T00:00:00

Link: CVE-2011-3208

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-09-14T17:17:07.317

Modified: 2018-10-30T16:26:47.280

Link: CVE-2011-3208

cve-icon Redhat

Severity : Important

Publid Date: 2011-09-08T00:00:00Z

Links: CVE-2011-3208 - Bugzilla