Home

CVE-2011-3372

Description

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

Risk Information

Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.748

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-2.3.16-6.el6_1.4.i686.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-2.3.16-6.el6_1.4.x86_64.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-2.3.7-12.el5_7.2.i386.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-2.3.7-12.el5_7.2.x86_64.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-devel-2.3.16-6.el6_1.4.i686.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-devel-2.3.16-6.el6_1.4.x86_64.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-devel-2.3.7-12.el5_7.2.i386.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-devel-2.3.7-12.el5_7.2.x86_64.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-perl-2.3.7-12.el5_7.2.i386.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-perl-2.3.7-12.el5_7.2.x86_64.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-utils-2.3.16-6.el6_1.4.i686.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-utils-2.3.16-6.el6_1.4.x86_64.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-utils-2.3.7-12.el5_7.2.i386.rpmLinux
(RHSA-2011:1508) Moderate: cyrus-imapd security update cyrus-imapd-utils-2.3.7-12.el5_7.2.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234