A remotely exploitable buffer overflow flaw was found in Cyrus' nntpd. A
malicious NNTP client would be able to exploit this to execute arbitrary code
on a vulnerable nntpd server. If the 'allowanonymouslogin' option was set in
imapd.conf, it could be done without authentication.
+*cyrus-imapd-2.4.11 (09 Sep 2011)
+ 09 Sep 2011; Eray Aslan <firstname.lastname@example.org> +cyrus-imapd-2.4.11.ebuild:
+ version bump - security bug #382349
@security: We should stabilize =net-mail/cyrus-imapd-2.4.11. Thank you.
Arches, please test and mark stable :
target KEYWORDS : "amd64 hppa ppc64 ppc sparc x86"
(In reply to comment #0)
> If the 'allowanonymouslogin' option was set in
> imapd.conf, it could be done without authentication.
Thanks, Eray. Is this option enabled by default?
(In reply to comment #3)
> Thanks, Eray. Is this option enabled by default?
No, it is off by default.
cyrus started ok, package emerged ok. Pass
works now, amd64 ok
Stable for HPPA.
amd64/x86 stable, thanks Ian and Agostino
ppc/ppc64 stable, last arch done
Thanks, folks. Added to existing GLSA request.
Stack-based buffer overflow in the split_wildmats function in nntpd.c in
nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows
remote attackers to execute arbitrary code via a crafted NNTP command.
This issue was resolved and addressed in
GLSA 201110-16 at http://security.gentoo.org/glsa/glsa-201110-16.xml
by GLSA coordinator Tim Sammut (underling).