CVE-2011-3372: High severity cyrus sasl vulnerability
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
Other sources
It was found that the Cyrus NNTP daemon (nntpd) did not properly verify that the user has successfully authenticated when checking if client requested NNTP commands can be performed. A remote NNTP client could use this flaw to bypass the authentication mechanism and obtain access to the information that should require authentication (list of newsgroups, newsgroup messages) or post new messages.
Acknowledgement:
Red Hat would like to thank Cyrus IMAP project for reporting this issue. Upstream acknowledges Stefan Cornelius of Secunia Research as the original reporter.
— Red Hat
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2011-3372?
CVE-2011-3372 is classified as a medium severity vulnerability due to the risk of unauthorized access.
How do I fix CVE-2011-3372?
To mitigate CVE-2011-3372, upgrade to Cyrus IMAPd version 2.4.12 or later.
What types of attacks can exploit CVE-2011-3372?
CVE-2011-3372 can be exploited by remote attackers to bypass authentication on vulnerable NNTP servers.
Which versions of Cyrus IMAPd are affected by CVE-2011-3372?
CVE-2011-3372 affects Cyrus IMAPd versions prior to 2.4.12, specifically 2.4.11 and earlier.
Is there a workaround for CVE-2011-3372?
There is no known workaround for CVE-2011-3372 other than upgrading to a fixed version.