Bug#627081: STARTTLS plaintext command injection

Moritz Muehlenhoff muehlenhoff at univention.de
Tue May 17 14:59:09 UTC 2011


Package: cyrus-imapd-2.2
Severity: grave
Tags: security

Hi,
It was found out that Cyrus is also vulnerable to the STARTTLS plaintext
command injection vulnerability originally discovered in Postfix:

http://www.kb.cert.org/vuls/id/555316
http://www.postfix.org/CVE-2011-0411.html

Cyrus bug:
http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424 

Patch:
http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162

Cheers,
        Moritz




