CVE-2011-3372 Information

Description

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

Reference

http://cyrusimap.org/mediawiki/index.php/Latest_Updates http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594 http://secunia.com/advisories/46093 http://secunia.com/secunia_research/2011-68 http://securitytracker.com/id?1026363 http://www.debian.org/security/2011/dsa-2318 http://www.mandriva.com/security/advisories?name=MDVSA-2011:149 http://www.redhat.com/support/errata/RHSA-2011-1508.html https://bugzilla.redhat.com/show_bug.cgi?id=740822