Vulnerability Name:

CVE-2011-1926 (CCN-67867)

Assigned:2011-03-25
Published:2011-03-25
Updated:2018-10-30
Summary:The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.0 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Cyrus IMAP Web site
Cyrus IMAP Server

Source: CONFIRM
Type: Patch
http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423

Source: CONFIRM
Type: Patch
http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424

Source: MITRE
Type: CNA
CVE-2011-1926

Source: CONFIRM
Type: Patch
http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-7217

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-7193

Source: MLIST
Type: Patch
[oss-security] 20110517 Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]

Source: MLIST
Type: Patch
[oss-security] 20110517 CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]

Source: CCN
Type: RHSA-2011-0859
Moderate: cyrus-imapd security update

Source: SECUNIA
Type: UNKNOWN
44670

Source: SECUNIA
Type: UNKNOWN
44876

Source: SECUNIA
Type: UNKNOWN
44913

Source: SECUNIA
Type: UNKNOWN
44928

Source: CONFIRM
Type: UNKNOWN
http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php

Source: DEBIAN
Type: UNKNOWN
DSA-2242

Source: DEBIAN
Type: UNKNOWN
DSA-2258

Source: DEBIAN
Type: DSA-2242
cyrus-imapd-2.2 -- implementation error

Source: DEBIAN
Type: DSA-2258
kolab-cyrus-imapd -- implementation error

Source: CCN
Type: US-CERT VU#555316
STARTTLS plaintext command injection vulnerability

Source: CERT-VN
Type: US Government Resource
VU#555316

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:100

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0859

Source: SECTRACK
Type: UNKNOWN
1025625

Source: CCN
Type: Red Hat Bugzilla Bug 705288
CVE-2011-1926 cyrus-imapd: STARTTLS plaintext command injection

Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/show_bug.cgi?id=705288

Source: XF
Type: UNKNOWN
cyrus-starttls-command-exec(67867)

Source: XF
Type: UNKNOWN
cyrus-starttls-command-exec(67867)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cmu:cyrus_imap_server:2.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.2.13p1:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.11:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.12:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.13:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.14:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.15:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.16:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:*:*:*:*:*:*:*:* (Version <= 2.4.6)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cmu:cyrus_imap_server:2.4.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:6.1.z:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_eus:5.6.z::server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_long_life:5.6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20111926
    V
    		CVE-2011-1926
    2022-05-20
    oval:org.mitre.oval:def:21616
    P
    		RHSA-2011:0859: cyrus-imapd security update (Moderate)
    2015-03-09
    oval:org.mitre.oval:def:12605
    P
    		DSA-2242-1 cyrus-imapd-2.2 -- implementation error
    2014-07-21
    oval:org.mitre.oval:def:18480
    P
    		DSA-2258-1 kolab-cyrus-imapd - implementation error
    2014-06-23
    oval:org.mitre.oval:def:23310
    P
    		ELSA-2011:0859: cyrus-imapd security update (Moderate)
    2014-05-26
    oval:com.redhat.rhsa:def:20110859
    P
    		RHSA-2011:0859: cyrus-imapd security update (Moderate)
    2011-06-08
    oval:com.ubuntu.precise:def:20111926000
    V
    		CVE-2011-1926 on Ubuntu 12.04 LTS (precise) - high.
    2011-05-23
    BACK
    cmu cyrus imap server 2.0.17
    cmu cyrus imap server 2.1.16
    cmu cyrus imap server 2.1.17
    cmu cyrus imap server 2.1.18
    cmu cyrus imap server 2.2.8
    cmu cyrus imap server 2.2.9
    cmu cyrus imap server 2.2.10
    cmu cyrus imap server 2.2.11
    cmu cyrus imap server 2.2.12
    cmu cyrus imap server 2.2.13
    cmu cyrus imap server 2.2.13p1
    cmu cyrus imap server 2.3.0
    cmu cyrus imap server 2.3.1
    cmu cyrus imap server 2.3.2
    cmu cyrus imap server 2.3.3
    cmu cyrus imap server 2.3.4
    cmu cyrus imap server 2.3.5
    cmu cyrus imap server 2.3.6
    cmu cyrus imap server 2.3.7
    cmu cyrus imap server 2.3.8
    cmu cyrus imap server 2.3.9
    cmu cyrus imap server 2.3.10
    cmu cyrus imap server 2.3.11
    cmu cyrus imap server 2.3.12
    cmu cyrus imap server 2.3.13
    cmu cyrus imap server 2.3.14
    cmu cyrus imap server 2.3.15
    cmu cyrus imap server 2.3.16
    cmu cyrus imap server 2.4.0
    cmu cyrus imap server 2.4.1
    cmu cyrus imap server 2.4.2
    cmu cyrus imap server 2.4.3
    cmu cyrus imap server 2.4.4
    cmu cyrus imap server 2.4.5
    cmu cyrus imap server *
    cmu cyrus imap server 2.4.6
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux server eus 6.1.z
    redhat enterprise linux eus 5.6.z
    redhat enterprise linux long life 5.6