CVE Vulnerabilities

CVE-2011-3372

Improper Authentication

Published: Dec 24, 2011 | Modified: Dec 26, 2011
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
RedHat/V2: 5.8 MODERATE (AV:N/AC:M/Au:N/C:P/I:P/A:N)
RedHat/V3:
Ubuntu: MEDIUM

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name | Vendor | Start Version | End Version
Imapd | Cyrus | * | 2.4.11 (including)
Red Hat Enterprise Linux 4 | RedHat | cyrus-imapd-0:2.2.12-17.el4 | *
Red Hat Enterprise Linux 5 | RedHat | cyrus-imapd-0:2.3.7-12.el5_7.2 | *
Red Hat Enterprise Linux 6 | RedHat | cyrus-imapd-0:2.3.16-6.el6_1.4 | *
Cyrus-imapd-2.2 | Ubuntu | hardy | *
Cyrus-imapd-2.2 | Ubuntu | lucid | *
Cyrus-imapd-2.2 | Ubuntu | maverick | *
Cyrus-imapd-2.2 | Ubuntu | natty | *
Cyrus-imapd-2.2 | Ubuntu | oneiric | *
Cyrus-imapd-2.4 | Ubuntu | oneiric | *
Cyrus-imapd-2.4 | Ubuntu | upstream | *
Kolab-cyrus-imapd | Ubuntu | hardy | *
Kolab-cyrus-imapd | Ubuntu | lucid | *
Kolab-cyrus-imapd | Ubuntu | maverick | *
Kolab-cyrus-imapd | Ubuntu | natty | *
Kolab-cyrus-imapd | Ubuntu | oneiric | *
Kolab-cyrus-imapd | Ubuntu | precise | *
Kolab-cyrus-imapd | Ubuntu | quantal | *
Kolab-cyrus-imapd | Ubuntu | raring | *
Kolab-cyrus-imapd | Ubuntu | saucy | *
