*** This bug is a security vulnerability *** Public security bug reported:
Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3208 ** Affects: cyrus-imapd-2.2 (Ubuntu) Importance: Medium Status: Confirmed ** Affects: cyrus-imapd-2.4 (Ubuntu) Importance: Medium Status: Confirmed ** Affects: kolab-cyrus-imapd (Ubuntu) Importance: Undecided Status: New ** Affects: cyrus-imapd-2.2 (Ubuntu Lucid) Importance: Medium Status: Fix Released ** Affects: cyrus-imapd-2.4 (Ubuntu Lucid) Importance: Medium Status: Fix Released ** Affects: kolab-cyrus-imapd (Ubuntu Lucid) Importance: Undecided Status: New ** Affects: cyrus-imapd-2.2 (Ubuntu Maverick) Importance: Medium Status: Fix Released ** Affects: cyrus-imapd-2.4 (Ubuntu Maverick) Importance: Medium Status: Fix Released ** Affects: kolab-cyrus-imapd (Ubuntu Maverick) Importance: Undecided Status: New ** Affects: cyrus-imapd-2.2 (Ubuntu Natty) Importance: Medium Status: Confirmed ** Affects: cyrus-imapd-2.4 (Ubuntu Natty) Importance: Medium Status: Fix Released ** Affects: kolab-cyrus-imapd (Ubuntu Natty) Importance: Undecided Status: New ** Affects: cyrus-imapd-2.2 (Ubuntu Oneiric) Importance: Medium Status: Confirmed ** Affects: cyrus-imapd-2.4 (Ubuntu Oneiric) Importance: Medium Status: Confirmed ** Affects: kolab-cyrus-imapd (Ubuntu Oneiric) Importance: Undecided Status: New ** Affects: cyrus-imapd-2.2 (Ubuntu Precise) Importance: Medium Status: Confirmed ** Affects: cyrus-imapd-2.4 (Ubuntu Precise) Importance: Medium Status: Confirmed ** Affects: kolab-cyrus-imapd (Ubuntu Precise) Importance: Undecided Status: New ** Affects: cyrus-imapd-2.2 (Ubuntu Hardy) Importance: Medium Status: Confirmed ** Affects: cyrus-imapd-2.4 (Ubuntu Hardy) Importance: Medium Status: Fix Released ** Affects: kolab-cyrus-imapd (Ubuntu Hardy) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-3208 ** Also affects: cyrus-imapd-2.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: kolab-cyrus-imapd (Ubuntu) Importance: Undecided Status: New ** Also affects: cyrus-imapd-2.2 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: cyrus-imapd-2.4 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: kolab-cyrus-imapd (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: cyrus-imapd-2.2 (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: cyrus-imapd-2.4 (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: kolab-cyrus-imapd (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: cyrus-imapd-2.2 (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: cyrus-imapd-2.4 (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: kolab-cyrus-imapd (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: cyrus-imapd-2.2 (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: cyrus-imapd-2.4 (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: kolab-cyrus-imapd (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: cyrus-imapd-2.2 (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: cyrus-imapd-2.4 (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: kolab-cyrus-imapd (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: cyrus-imapd-2.2 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: cyrus-imapd-2.4 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: kolab-cyrus-imapd (Ubuntu Lucid) Importance: Undecided Status: New ** Changed in: cyrus-imapd-2.2 (Ubuntu Lucid) Status: New => Fix Released ** Changed in: cyrus-imapd-2.2 (Ubuntu Maverick) Status: New => Fix Released ** Changed in: cyrus-imapd-2.2 (Ubuntu Hardy) Importance: Undecided => Medium ** Changed in: cyrus-imapd-2.2 (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: cyrus-imapd-2.2 (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: cyrus-imapd-2.2 (Ubuntu Natty) Importance: Undecided => Medium ** Changed in: cyrus-imapd-2.2 (Ubuntu Natty) Status: New => Confirmed ** Changed in: cyrus-imapd-2.2 (Ubuntu Hardy) Status: New => Confirmed ** Changed in: cyrus-imapd-2.2 (Ubuntu Oneiric) Importance: Undecided => Medium ** Changed in: cyrus-imapd-2.2 (Ubuntu Oneiric) Status: New => Confirmed ** Changed in: cyrus-imapd-2.2 (Ubuntu Precise) Importance: Undecided => Medium ** Changed in: cyrus-imapd-2.2 (Ubuntu Precise) Status: New => Confirmed ** Changed in: cyrus-imapd-2.4 (Ubuntu Natty) Importance: Undecided => Medium ** Changed in: cyrus-imapd-2.4 (Ubuntu Natty) Status: New => Fix Released ** Changed in: cyrus-imapd-2.4 (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: cyrus-imapd-2.4 (Ubuntu Maverick) Status: New => Fix Released ** Changed in: cyrus-imapd-2.4 (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: cyrus-imapd-2.4 (Ubuntu Lucid) Status: New => Fix Released ** Changed in: cyrus-imapd-2.4 (Ubuntu Hardy) Importance: Undecided => Medium ** Changed in: cyrus-imapd-2.4 (Ubuntu Hardy) Status: New => Fix Released ** Changed in: cyrus-imapd-2.4 (Ubuntu Oneiric) Importance: Undecided => Medium ** Changed in: cyrus-imapd-2.4 (Ubuntu Oneiric) Status: New => Confirmed ** Changed in: cyrus-imapd-2.4 (Ubuntu Precise) Importance: Undecided => Medium ** Changed in: cyrus-imapd-2.4 (Ubuntu Precise) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/880914 Title: Stack-based buffer overflow in the split_wildmats function in nntpd.c To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-imapd-2.2/+bug/880914/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs