#VU351 Authentication bypass in cyrus-imapd NNTP server in Red Hat Inc. products - CVE-2011-3372

 


Published: August 28, 2016


Vulnerability identifier: #VU351
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-3372
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
RHEL Desktop Workstation
Red Hat Desktop
Red Hat Enterprise Linux for x86_64
Red Hat Enterprise Linux AS
Red Hat Enterprise Linux ES
Red Hat Enterprise Linux Server
Red Hat Enterprise Linux Server EUS
Red Hat Enterprise Linux WS
Red Hat Enterprise Linux Workstation
Red Hat cyrus-imapd
Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to an error in nntpd. A remote unauthenticated attacker can bypass the authentication process and read or post arbitrary newsgroup messages on a vulnerable NNTP server.

Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information and perform social engineering attacks against NNTP server subscribers.


Remediation

Update to version 2.2.12-17.
