Bug 718428 - VUL-1: cyrus-imapd DoS via crafted References header
VUL-1: cyrus-imapd DoS via crafted References header
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:sles9-sp3-teradata:433...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-09-16 12:15 UTC by Ludwig Nussel
Modified: 2011-10-24 12:48 UTC (History)
2 users (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Patch for cyrus-2.3.X (4.76 KB, patch)
2011-09-21 07:45 UTC, Ralf Haferkamp
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2011-09-16 12:15:44 UTC
Your friendly security team received the following report via mitre.
Please respond ASAP.
The issue is public.

-------8<-------
======================================================
Name: CVE-2011-3481

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.

Reference: CONFIRM: http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5
Reference: CONFIRM: http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463
Reference: CONFIRM: http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772
Comment 5 Ralf Haferkamp 2011-09-21 07:45:17 UTC
Created attachment 452116 [details]
Patch for cyrus-2.3.X
Comment 6 Bernhard Wiedemann 2011-09-21 10:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (718428) was mentioned in
https://build.opensuse.org/request/show/84093 Factory / cyrus-imapd
Comment 8 Swamp Workflow Management 2011-09-29 13:09:01 UTC
Update released for: cyrus-imapd, cyrus-imapd-devel, perl-Cyrus-IMAP, perl-Cyrus-SIEVE-managesieve
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 9 Ralf Haferkamp 2011-10-04 13:48:58 UTC
Submitted to SLE-11-SP1, SLE-10-SP3 and SLE-10-SP4 (together with bug#719998 fix)
Comment 10 Matthias Weckbecker 2011-10-05 09:47:28 UTC
updates are released? resolved/fixed
Comment 12 Swamp Workflow Management 2011-10-24 08:29:54 UTC
Update released for: cyrus-imapd, cyrus-imapd-debuginfo, cyrus-imapd-debugsource, cyrus-imapd-devel, perl-Cyrus-IMAP, perl-Cyrus-IMAP-debuginfo, perl-Cyrus-SIEVE-managesieve, perl-Cyrus-SIEVE-managesieve-debuginfo
Products:
openSUSE 11.3 (debug, i586, x86_64)
openSUSE 11.4 (debug, i586, x86_64)
Comment 13 Swamp Workflow Management 2011-10-24 11:11:19 UTC
Update released for: cyrus-imapd, cyrus-imapd-debuginfo, cyrus-imapd-debugsource, cyrus-imapd-devel, perl-Cyrus-IMAP, perl-Cyrus-SIEVE-managesieve
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 14 Swamp Workflow Management 2011-10-24 11:49:56 UTC
Update released for: cyrus-imapd, cyrus-imapd-debuginfo, cyrus-imapd-devel, perl-Cyrus-IMAP, perl-Cyrus-SIEVE-managesieve
Products:
SLE-DEBUGINFO 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 15 Swamp Workflow Management 2011-10-24 12:48:51 UTC
Update released for: cyrus-imapd, cyrus-imapd-debuginfo, cyrus-imapd-devel, perl-Cyrus-IMAP, perl-Cyrus-SIEVE-managesieve
Products:
SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)