Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2011-27)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120398

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2011-27)

Resumen: The remote host is missing an update for the 'cyrus-imapd' package(s) announced via the ALAS-2011-27 advisory.

Descripción: Summary:
The remote host is missing an update for the 'cyrus-imapd' package(s) announced via the ALAS-2011-27 advisory.

Vulnerability Insight:
An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. (CVE-2011-3372)

A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially-crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. (CVE-2011-3481)

Affected Software/OS:
'cyrus-imapd' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-3372
Debian Security Information: DSA-2318 (Google Search)
http://www.debian.org/security/2011/dsa-2318
http://www.mandriva.com/security/advisories?name=MDVSA-2011:149
http://secunia.com/secunia_research/2011-68
http://www.redhat.com/support/errata/RHSA-2011-1508.html
http://securitytracker.com/id?1026363
http://secunia.com/advisories/46093
Common Vulnerability Exposure (CVE) ID: CVE-2011-3481
http://www.mandriva.com/security/advisories?name=MDVSA-2012:037
XForce ISS Database: cyrus-imap-indexgetids-dos(69842)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69842

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120398
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2011-27)
Resumen:	The remote host is missing an update for the 'cyrus-imapd' package(s) announced via the ALAS-2011-27 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cyrus-imapd' package(s) announced via the ALAS-2011-27 advisory. Vulnerability Insight: An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. (CVE-2011-3372) A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially-crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature. (CVE-2011-3481) Affected Software/OS: 'cyrus-imapd' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3372 Debian Security Information: DSA-2318 (Google Search) http://www.debian.org/security/2011/dsa-2318 http://www.mandriva.com/security/advisories?name=MDVSA-2011:149 http://secunia.com/secunia_research/2011-68 http://www.redhat.com/support/errata/RHSA-2011-1508.html http://securitytracker.com/id?1026363 http://secunia.com/advisories/46093 Common Vulnerability Exposure (CVE) ID: CVE-2011-3481 http://www.mandriva.com/security/advisories?name=MDVSA-2012:037 XForce ISS Database: cyrus-imap-indexgetids-dos(69842) https://exchange.xforce.ibmcloud.com/vulnerabilities/69842
Copyright	Copyright (C) 2015 Greenbone AG