Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 386233 - <net-mail/cyrus-imapd-2.24 NNTP Server not properly implementing access restrictions (CVE-2011-3372)
Summary: <net-mail/cyrus-imapd-2.24 NNTP Server not properly implementing access restr...
Status: RESOLVED DUPLICATE of bug 385729
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2011-10-08 07:10 UTC by Michael Harrison
Modified: 2011-10-08 10:15 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Michael Harrison 2011-10-08 07:10:38 UTC
command processing of the NNTP server implementation (nttpd) of cyrus-imapd is not properly implementing access restrictions for certain commands and is not checking for a complete, successful authentication.  An attacker can use this flaw to bypass access restrictions for some commands and, e.g. exploit CVE-2011-3208 without proper authentication.
Comment 1 Agostino Sarubbo gentoo-dev 2011-10-08 10:15:13 UTC

*** This bug has been marked as a duplicate of bug 385729 ***