It was found, that Cyrus IMAP recognized IMAP, LMTP, NNTP and POP3 protocol commands during plaintex to TLS session switch (by TLS protocol initialization). A remote attacker could use this flaw to insert plaintext, protocol relevant, commands into TLS protocol initialization messages, leading to execution of these commands during the ciphertext protocol phase, potentially allowing the attacker to steal the victim's mail or authentication credentials. References: [1] http://www.kb.cert.org/vuls/id/555316 [2] http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423 Relevant upstream patch: [3] http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162
This issue affects the versions of the cyrus-imapd package, as shipped with Red Hat Enterprise Linux 4, 5, and 6. -- This issue affects the versions of the cyrus-imapd package, as shipped with Fedora release of 13 and 14. Please schedule an update.
CVE Request: [4] http://www.openwall.com/lists/oss-security/2011/05/17/2
Created cyrus-imapd tracking bugs for this issue Affects: fedora-all [bug 705294]
This was assigned CVE-2011-1926.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 6 Via RHSA-2011:0859 https://rhn.redhat.com/errata/RHSA-2011-0859.html