MidnightBSD

Advisories for cyrus

CVE-2002-2043 HIGH

SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cyrus sasl 1.5.27
cyrus sasl 1.5.24
CVE-2002-2253 HIGH

Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier allow remote attackers to execute arbitrary code via (1) a long header name, (2) a long IMAP flag, or (3) a script that generates a large number of errors that overflow the resulting error string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
cyrus libsieve *
CVE-2004-0884 HIGH

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cyrus sasl 1.5.27
cyrus sasl 2.1.18
cyrus sasl 2.1.17
cyrus sasl 2.1.12
cyrus sasl 2.1.14
cyrus sasl 2.1.10
cyrus sasl 1.5.24
conectiva linux 9.0
cyrus sasl 1.5.28
conectiva linux 10.0
cyrus sasl 2.1.15
cyrus sasl 2.1.9
cyrus sasl 2.1.16
cyrus sasl 2.1.18_r1
cyrus sasl 2.1.13
cyrus sasl 2.1.11
CVE-2005-0373 HIGH

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apple mac_os_x 10.0.2
apple mac_os_x_server 10.1
cyrus sasl 2.1.12
apple mac_os_x_server 10.1.5
apple mac_os_x_server 10.3.5
apple mac_os_x 10.3.2
apple mac_os_x 10.3.6
cyrus sasl 2.1.15
apple mac_os_x 10.0.4
suse suse_cvsup 16.1h_36.i586
apple mac_os_x_server 10.2.3
cyrus sasl 2.1.16
apple mac_os_x_server 10.2.2
apple mac_os_x 10.3.8
apple mac_os_x 10.1.5
apple mac_os_x_server 10.3.3
apple mac_os_x_server 10.3.7
apple mac_os_x_server 10.3
apple mac_os_x 10.3.3
openpkg openpkg 2.1
apple mac_os_x_server 10.0
conectiva linux 9.0
apple mac_os_x_server 10.2.4
conectiva linux 10.0
apple mac_os_x_server 10.1.3
apple mac_os_x 10.0.1
apple mac_os_x_server 10.2.5
apple mac_os_x 10.0.3
apple mac_os_x 10.2.3
apple mac_os_x_server 10.2.6
apple mac_os_x_server 10.3.1
apple mac_os_x 10.2.7
cyrus sasl 1.5.27
cyrus sasl 2.1.18
cyrus sasl 2.1.10
apple mac_os_x 10.2.2
apple mac_os_x 10.3.5
apple mac_os_x 10.1.2
apple mac_os_x 10.2
apple mac_os_x 10.2.5
apple mac_os_x_server 10.1.1
apple mac_os_x 10.2.6
apple mac_os_x 10.2.8
apple mac_os_x 10.3
cyrus sasl 2.1.9
apple mac_os_x_server 10.2
suse suse_linux 1.0
apple mac_os_x 10.3.4
apple mac_os_x_server 10.3.8
apple mac_os_x_server 10.2.7
cyrus sasl 2.1.13
redhat fedora_core core_1.0
cyrus sasl 2.1.11
apple mac_os_x_server 10.1.2
apple mac_os_x 10.0
apple mac_os_x 10.1.4
cyrus sasl 2.1.17
suse suse_linux 9.0
apple mac_os_x_server 10.3.4
cyrus sasl 2.1.14
openpkg openpkg 2.2
cyrus sasl 1.5.24
suse suse_linux 8.2
apple mac_os_x_server 10.2.8
apple mac_os_x_server 10.3.6
cyrus sasl 1.5.28
apple mac_os_x 10.2.1
apple mac_os_x_server 10.3.2
apple mac_os_x 10.1.3
suse suse_linux 9.2
apple mac_os_x_server 10.1.4
apple mac_os_x 10.2.4
suse suse_linux 9.1
apple mac_os_x 10.3.7
apple mac_os_x 10.3.1
cyrus sasl 2.1.18_r1
suse suse_linux 8.1
suse suse_linux 8.0
apple mac_os_x 10.1
apple mac_os_x_server 10.2.1
apple mac_os_x 10.1.1
CVE-2005-0546 HIGH

Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cyrus imapd 2.2.10
cyrus imapd 2.1.18
cyrus imapd 2.0.17
cyrus imapd 2.1.17
cyrus imapd 2.1.16
CVE-2006-1721 LOW

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cyrus sasl 2.1.18
cyrus sasl 2.1.20
cyrus sasl 2.1.19
cyrus sasl 2.1.18_r1
cyrus sasl 2.1.18_r2
CVE-2006-2502 MEDIUM

Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cyrus imapd 2.3.2
CVE-2011-3372 HIGH

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
cyrus imapd *
CVE-2015-8076 HIGH

The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-200,

Products Affected

Vendor Product Version
cyrus imap 2.3.6
cyrus imap 2.3.9
cyrus imap 2.3.12
cyrus imap 2.4.0
cyrus imap 2.4.14
cyrus imap 2.4.4
cyrus imap 2.3.5
cyrus imap 2.3.14
cyrus imap 2.5.3
cyrus imap 2.5.0
cyrus imap 2.3.1
cyrus imap 2.3.7
cyrus imap 2.3.13
cyrus imap 2.4.15
cyrus imap 2.3.16
cyrus imap 2.4.7
cyrus imap 2.4.16
cyrus imap 2.3.3
cyrus imap 2.5.1
cyrus imap 2.3.8
cyrus imap 2.4.2
cyrus imap 2.5.2
cyrus imap 2.3.18
cyrus imap 2.4.9
cyrus imap 2.3.4
opensuse opensuse 13.2
cyrus imap 2.4.1
cyrus imap 2.4.8
cyrus imap 2.3.10
cyrus imap 2.4.5
cyrus imap 2.4.13
cyrus imap 2.3.0
cyrus imap 2.4.12
opensuse leap 42.1
cyrus imap 2.3.11
cyrus imap 2.4.11
cyrus imap 2.4.3
cyrus imap 2.4.10
cyrus imap 2.4.6
cyrus imap 2.3.17
cyrus imap 2.4.17
cyrus imap 2.3.2
cyrus imap 2.3.15
CVE-2015-8077 HIGH

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
cyrus imap 2.3.6
cyrus imap 2.3.9
cyrus imap 2.3.12
cyrus imap 2.4.0
cyrus imap 2.4.14
cyrus imap 2.4.4
cyrus imap 2.3.5
cyrus imap 2.3.14
cyrus imap 2.5.3
cyrus imap 2.5.0
cyrus imap 2.3.1
cyrus imap 2.3.7
cyrus imap 2.3.13
cyrus imap 2.4.15
cyrus imap 2.3.16
cyrus imap 2.4.7
cyrus imap 2.4.16
cyrus imap 2.3.3
cyrus imap 2.5.1
cyrus imap 2.3.8
cyrus imap 2.4.2
cyrus imap 2.5.2
cyrus imap 2.3.18
cyrus imap 2.4.9
cyrus imap 2.3.4
opensuse opensuse 13.2
cyrus imap 2.4.1
cyrus imap 2.4.8
cyrus imap 2.3.10
cyrus imap 2.4.5
cyrus imap 2.4.13
cyrus imap 2.3.0
cyrus imap 2.4.12
opensuse leap 42.1
cyrus imap 2.3.11
cyrus imap 2.4.11
cyrus imap 2.4.3
cyrus imap 2.4.10
cyrus imap 2.4.6
cyrus imap 2.3.17
cyrus imap 2.4.17
cyrus imap 2.3.2
cyrus imap 2.3.15
CVE-2015-8078 HIGH

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
cyrus imap 2.3.6
cyrus imap 2.3.9
cyrus imap 2.3.12
cyrus imap 2.4.0
cyrus imap 2.4.14
cyrus imap 2.4.4
cyrus imap 2.3.5
cyrus imap 2.3.14
cyrus imap 2.5.3
cyrus imap 2.5.0
cyrus imap 2.3.1
cyrus imap 2.3.7
cyrus imap 2.3.13
cyrus imap 2.4.15
cyrus imap 2.3.16
cyrus imap 2.4.7
cyrus imap 2.4.16
cyrus imap 2.3.3
cyrus imap 2.5.1
cyrus imap 2.3.8
cyrus imap 2.4.2
cyrus imap 2.5.2
cyrus imap 2.3.18
cyrus imap 2.4.9
cyrus imap 2.3.4
opensuse opensuse 13.2
cyrus imap 2.4.1
cyrus imap 2.4.8
cyrus imap 2.3.10
cyrus imap 2.4.5
cyrus imap 2.4.13
cyrus imap 2.3.0
cyrus imap 2.4.12
opensuse leap 42.1
cyrus imap 2.3.11
cyrus imap 2.4.11
cyrus imap 2.4.3
cyrus imap 2.4.10
cyrus imap 2.4.6
cyrus imap 2.3.17
cyrus imap 2.4.17
cyrus imap 2.3.2
cyrus imap 2.3.15
CVE-2017-14230 MEDIUM

In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cyrus imap *
CVE-2019-11356 HIGH

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux 8.0
fedoraproject fedora 30
redhat enterprise_linux_server_aus 8.4
fedoraproject fedora 29
canonical ubuntu_linux 18.04
redhat enterprise_linux_eus 8.2
cyrus imap *
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_tus 8.2
CVE-2019-18928 HIGH

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
cyrus imap *
fedoraproject fedora 31
fedoraproject fedora 30
CVE-2019-19783 LOW

An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-269,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 18.04
cyrus imap *
fedoraproject fedora 31
fedoraproject fedora 30
debian debian_linux 10.0
CVE-2021-32056 MEDIUM

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
fedoraproject fedora 35
cyrus imap *
fedoraproject fedora 34
CVE-2021-33582 MEDIUM

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-407,

Products Affected

Vendor Product Version
debian debian_linux 9.0
fedoraproject fedora 35
cyrus imap *
fedoraproject fedora 34