cyrus-imapd-2.3.7-12.AXS3.2
エラータID: AXSA:2011-380:03
リリース日:
2011/12/07 Wednesday - 21:18
題名:
cyrus-imapd-2.3.7-12.AXS3.2
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。<br />
<br />
[Security Fix]<br />
- Cyrus IMAP Server の index.c の index_get_ids 関数には,サーバサイドスレッディングが有効な場合,Eメールメッセージの巧妙に細工されたリファレンスヘッダによって,リモートの攻撃者がサービス拒否 (ヌルポインタ逆参照とデーモンのクラッシュ) を行う脆弱性があります。(CVE-2011-3481)<br />
<br />
- 現時点では CVE-2011-3372 の情報が公開されておりません。<br />
CVEの情報が公開され次第情報をアップデートいたします。<br />
<br />
一部CVEの翻訳文はJVNからの引用になります。<br />
http://jvndb.jvn.jp/<br />
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2011-3372
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
CVE-2011-3481
The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
追加情報:
N/A
ダウンロード:
SRPMS
- cyrus-imapd-2.3.7-12.AXS3.2.src.rpm
MD5: 9512e00b2ab16e4513d5a02115a67ea1
SHA-256: 8ed121fc4ceb6577fb7a618185ee0ded9a8f39d7d0a50d60499ea490c862db32
Size: 2.32 MB
Asianux Server 3 for x86
- cyrus-imapd-2.3.7-12.AXS3.2.i386.rpm
MD5: b6c1557f7e88085d5c2dd8d0534dd28c
SHA-256: 234f0bfc73f3eee29bfc2a98feaa77d97cadc832a025d3d6a6ad8ce25655b26c
Size: 12.52 MB - cyrus-imapd-devel-2.3.7-12.AXS3.2.i386.rpm
MD5: a8c1babbbf0265721eb6fb8e4f358c6c
SHA-256: ef1d223a084d46210095075020aac5a349afbaa69ac431494cdf27b698b848a8
Size: 302.99 kB - cyrus-imapd-perl-2.3.7-12.AXS3.2.i386.rpm
MD5: 4229a09c49814048059fefae55f65c69
SHA-256: baec9dbeff9400a4dab4fe3c8299c68c99e64647940bd3c4c2d31edd1af4d13e
Size: 211.57 kB - cyrus-imapd-utils-2.3.7-12.AXS3.2.i386.rpm
MD5: 542c8317c7f87249f4a7bc6c0e332f20
SHA-256: ed854e28c816548cd7c3b510986cda22a4e8567c9c7f678b0b9078eca0fd83aa
Size: 183.89 kB
Asianux Server 3 for x86_64
- cyrus-imapd-2.3.7-12.AXS3.2.x86_64.rpm
MD5: 25fd551afe2c8314b831ee4b64d4d307
SHA-256: ee1878e1bc5b91ea941c4511769fc7651f6f3cee14b771d5bfb587fb7a76a0a6
Size: 12.65 MB - cyrus-imapd-devel-2.3.7-12.AXS3.2.x86_64.rpm
MD5: 66edcb9e8f23b4b3b3b30746b215ca60
SHA-256: 149ae1b53e6338cedc6f84045015ecc728aeb27812ca66f09ce8c6bb7fdd6aef
Size: 306.56 kB - cyrus-imapd-perl-2.3.7-12.AXS3.2.x86_64.rpm
MD5: 9075250d05d39b9771c056042cb67331
SHA-256: cf24504becdac3e45751c93b047f07a7e310127e95b40a974e1ec9880d467fc3
Size: 211.60 kB - cyrus-imapd-utils-2.3.7-12.AXS3.2.x86_64.rpm
MD5: cea5e68d7d3bd255fc10af9d2c73d75c
SHA-256: b31361072d3fa05026c43a5a657a2dced21b67cf6341016902c4ab2edc4eb356
Size: 187.22 kB