Oval Definition:oval:org.mitre.oval:def:21616
Revision Date:2015-03-09
Version:12
Title:RHSA-2011:0859: cyrus-imapd security update (Moderate)
Description:The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):CESA-2011:0859-CentOS 5
CVE-2011-1926
RHSA-2011:0859-01
Platform(s):CentOS Linux 5
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s):cyrus-imapd
Definition Synopsis
  • Red Hat Enterprise Linux 5 and CentOS Linux 5 release section
    • Operating system section
      • The operating system installed on the system is Red Hat Enterprise Linux 5
      • OR The operating system installed on the system is CentOS Linux 5.x
    • AND Packages match section
      • cyrus-imapd is earlier than 0:2.3.7-7.el5_6.4
      • OR cyrus-imapd-devel is earlier than 0:2.3.7-7.el5_6.4
      • OR cyrus-imapd-perl is earlier than 0:2.3.7-7.el5_6.4
      • OR cyrus-imapd-utils is earlier than 0:2.3.7-7.el5_6.4
  • Red Hat Enterprise Linux 6 release section
    • The operating system installed on the system is Red Hat Enterprise Linux 6
    • AND Packages match section
      • cyrus-imapd is earlier than 0:2.3.16-6.el6_1.2
      • OR cyrus-imapd-debuginfo is earlier than 0:2.3.16-6.el6_1.2
      • OR cyrus-imapd-devel is earlier than 0:2.3.16-6.el6_1.2
      • OR cyrus-imapd-utils is earlier than 0:2.3.16-6.el6_1.2