Oval Definition:	oval:org.mitre.oval:def:12757
Revision Date: 2014-06-23 Version: 20 Title: DSA-2257-1 kolab-cyrus-imapd -- implementation error Description: It was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2011-2194 DSA-2257-1 Platform(s): Debian GNU/kFreeBSD 6.0 Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Product(s): kolab-cyrus-imapd Definition Synopsis Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND kolab-cyrus-imapd DPKG is earlier than 2.2.13-5+lenny3 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND Installed architecture is all AND kolab-cyrus-imapd DPKG is earlier than 2.2.13-9.1
BACK