In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. Upstream issue: https://github.com/cyrusimap/cyrus-imapd/issues/2132 Upstream patch: https://github.com/cyrusimap/cyrus-imapd/commit/6bd33275368edfa71ae117de895488584678ac79
Created cyrus-imapd tracking bugs for this issue: Affects: fedora-25 [bug 1491237]
My understanding was that this issue was not present previous to version 3.0.0, and thus Fedora 25 needs no fix.
(In reply to Jason Tibbitts from comment #2) > My understanding was that this issue was not present previous to version > 3.0.0, and thus Fedora 25 needs no fix. This seems to hold true, thanks for closing the fedora bug. Let us finish the deeper analysis of cyrus-imapd in RHEL, then we'll close this one as well.
This issue did not affect the versions of cyrus-imapd as shipped with Red Hat Enterprise Linux 5, 6, and 7.