ID de Prueba:	1.3.6.1.4.1.25623.1.0.881403
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
Resumen:	The remote host is missing an update for the 'cyrus-imapd'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'cyrus-imapd' package(s) announced via the referenced advisory. Vulnerability Insight: The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use this flaw to inject protocol commands into a victim's TLS session initialization messages. This could lead to those commands being processed by cyrus-imapd, potentially allowing the attacker to steal the victim's mail or authentication credentials. (CVE-2011-1926) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, cyrus-imapd will be restarted automatically. Affected Software/OS: cyrus-imapd on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1926 1025625 http://www.securitytracker.com/id?1025625 44670 http://secunia.com/advisories/44670 44876 http://secunia.com/advisories/44876 44913 http://secunia.com/advisories/44913 44928 http://secunia.com/advisories/44928 DSA-2242 http://www.debian.org/security/2011/dsa-2242 DSA-2258 http://www.debian.org/security/2011/dsa-2258 FEDORA-2011-7193 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html FEDORA-2011-7217 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html MDVSA-2011:100 http://www.mandriva.com/security/advisories?name=MDVSA-2011:100 RHSA-2011:0859 http://www.redhat.com/support/errata/RHSA-2011-0859.html VU#555316 http://www.kb.cert.org/vuls/id/555316 [oss-security] 20110517 CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?] http://openwall.com/lists/oss-security/2011/05/17/2 [oss-security] 20110517 Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?] http://openwall.com/lists/oss-security/2011/05/17/15 cyrus-starttls-command-exec(67867) https://exchange.xforce.ibmcloud.com/vulnerabilities/67867 http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423 http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424 http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162 http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php https://bugzilla.redhat.com/show_bug.cgi?id=705288
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.