From secunia security advisor at $URL:
The vulnerability is caused due to an error within the authentication mechanism of the NNTP server, which can be exploited to bypass the authentication process and execute commands intended for authenticated users by sending an "AUTHINFO USER" command without a following "AUTHINFO PASS" command.
The vulnerability is confirmed in version 2.4.10 and 2.4.11. Prior versions may also be affected.
Apply patch or update to version 2.4.12.
Please bump 2.4.12 or here is the patch.
+*cyrus-imapd-2.4.12 (06 Oct 2011)
+ 06 Oct 2011; Eray Aslan <email@example.com> +cyrus-imapd-2.4.12.ebuild:
+ version bump - security bug #385729. Add back sieve USE flag - bug #382389
@security: We can stabilize =net-mail/cyrus-imapd-2.4.12. Thank you.
(In reply to comment #2)
> @security: We can stabilize =net-mail/cyrus-imapd-2.4.12. Thank you.
Arches, please test and mark stable:
target KEYWORDS : "amd64 hppa ppc ppc64 sparc x86"
+ 06 Oct 2011; Steve Dibb <firstname.lastname@example.org> cyrus-imapd-2.4.12.ebuild:
+ amd64 stable, security bug 385729
The index_get_ids function in index.c in imapd in Cyrus IMAP Server before
2.4.11, when server-side threading is enabled, allows remote attackers to
cause a denial of service (NULL pointer dereference and daemon crash) via a
crafted References header in an e-mail message.
*** Bug 386233 has been marked as a duplicate of this bug. ***
Stable for HPPA.
Thanks, everyone. GLSA Vote: yes.
Vote: YES. GLSA request filed.
This issue was resolved and addressed in
GLSA 201110-16 at http://security.gentoo.org/glsa/glsa-201110-16.xml
by GLSA coordinator Tim Sammut (underling).
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12
allows remote attackers to bypass authentication by sending an AUTHINFO USER
command without sending an additional AUTHINFO PASS command.