ALT-PU-2020-1022-1
Package cyrus-imapd updated to version 2.5.15-alt0.M80P.1 for branch p8 in task 243774.
Closed vulnerabilities
Published: 2019-12-16
BDU:2020-01976
Уязвимость множества элементов сервера электронной почты Cyrus IMAP, связанная с недостатком механизма проверки вводимых данных, позволяющая нарушителю оказать воздействие на целостность информации
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
References:
Published: 2019-12-16
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-19783
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
References:
- FEDORA-2019-7938c21723
- FEDORA-2019-7938c21723
- FEDORA-2019-ad23a4522d
- FEDORA-2019-ad23a4522d
- 20191219 [SECURITY] [DSA 4590-1] cyrus-imapd security update
- 20191219 [SECURITY] [DSA 4590-1] cyrus-imapd security update
- GLSA-202006-23
- GLSA-202006-23
- USN-4566-1
- USN-4566-1
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html
- https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html
- https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html
- DSA-4590
- DSA-4590