CVE-2019-18928: Critical severity cyrus sasl vulnerability
Published Nov 15, 2019
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
Affected Software
6 affected components; fixes available
debian/cyrus-imapd
Fixed versions: 3.2.6-2+deb11u2, 3.2.6-2+deb11u4, 3.6.1-4+deb12u3, 3.6.1-4+deb12u2, 3.10.1-1
Cyrus IMAP >= 2.5.0, < 2.5.14
Cyrus IMAP >= 3.0.0, < 3.0.12
Fedoraproject Fedora = 30
Fedoraproject Fedora = 31
Debian Debian Linux = 9.0
Remediation
Event History
Nov 15, 2019: CVE Published, via MITRE, 03:45 AM
Nov 15, 2019: Data Sourced (Description), via MITRE, 03:45 AM
Jan 23, 2025: Data Sourced (Description), via Launchpad, 06:43 PM
Jan 27, 2025: Data Sourced, via Ubuntu, 06:42 PM
Frequently Asked Questions
1. What is the severity of CVE-2019-18928?
CVE-2019-18928 is classified as a privilege escalation vulnerability.
2. How do I fix CVE-2019-18928?
To fix CVE-2019-18928, upgrade to Cyrus IMAP version 2.5.14 or 3.0.12 or later.
3. What versions of Cyrus IMAP are affected by CVE-2019-18928?
CVE-2019-18928 affects Cyrus IMAP versions prior to 2.5.14 and 3.x prior to 3.0.12.
4. Which operating systems are vulnerable to CVE-2019-18928?
CVE-2019-18928 affects systems running vulnerable versions of Cyrus IMAP on Debian and Fedora.
5. Is CVE-2019-18928 remotely exploitable?
Yes, CVE-2019-18928 can potentially be exploited remotely, because it is triggered through HTTP requests sent to the server over a network connection.