Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 386233

Summary: <net-mail/cyrus-imapd-2.24 NNTP Server not properly implementing access restrictions (CVE-2011-3372)
Product: Gentoo Security Reporter: Michael Harrison <n0idx80>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.debian.org/security/
Whiteboard:
Package list:
Runtime testing required: ---

Description Michael Harrison 2011-10-08 07:10:38 UTC 
command processing of the NNTP server implementation (nttpd) of cyrus-imapd is not properly implementing access restrictions for certain commands and is not checking for a complete, successful authentication.  An attacker can use this flaw to bypass access restrictions for some commands and, e.g. exploit CVE-2011-3208 without proper authentication.
Comment 1 Agostino Sarubbo gentoo-dev 2011-10-08 10:15:13 UTC 

*** This bug has been marked as a duplicate of bug 385729 ***