CVE 2011-3372
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
Related bugs and status
CVE-2011-3372 (Candidate) is related to these bugs:
Bug #880909: bypass access restrictions for some commands
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
880909 | bypass access restrictions for some commands | cyrus-imapd-2.2 (Ubuntu) | Medium | Confirmed | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.2 (Ubuntu Lucid) | Medium | Fix Released | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.2 (Ubuntu Natty) | Medium | Won't Fix | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.2 (Ubuntu Hardy) | Medium | Won't Fix | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.2 (Ubuntu Oneiric) | Medium | Won't Fix | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.2 (Ubuntu Maverick) | Medium | Fix Released | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.2 (Ubuntu Precise) | Medium | Won't Fix | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.4 (Ubuntu) | Undecided | Confirmed | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.4 (Ubuntu Hardy) | Undecided | Invalid | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.4 (Ubuntu Lucid) | Undecided | Invalid | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.4 (Ubuntu Maverick) | Undecided | Invalid | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.4 (Ubuntu Natty) | Undecided | Invalid | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.4 (Ubuntu Oneiric) | Undecided | Won't Fix | ||
880909 | bypass access restrictions for some commands | cyrus-imapd-2.4 (Ubuntu Precise) | Undecided | Won't Fix | ||
880909 | bypass access restrictions for some commands | kolab-cyrus-imapd (Ubuntu) | Medium | Confirmed | ||
880909 | bypass access restrictions for some commands | kolab-cyrus-imapd (Ubuntu Hardy) | Medium | Won't Fix | ||
880909 | bypass access restrictions for some commands | kolab-cyrus-imapd (Ubuntu Lucid) | Medium | Won't Fix | ||
880909 | bypass access restrictions for some commands | kolab-cyrus-imapd (Ubuntu Maverick) | Medium | Won't Fix | ||
880909 | bypass access restrictions for some commands | kolab-cyrus-imapd (Ubuntu Natty) | Medium | Won't Fix | ||
880909 | bypass access restrictions for some commands | kolab-cyrus-imapd (Ubuntu Oneiric) | Medium | Won't Fix | ||
880909 | bypass access restrictions for some commands | kolab-cyrus-imapd (Ubuntu Precise) | Medium | Won't Fix |
See the
CVE page on Mitre.org
for more details.