PT-2015-3147 · Cyrus+2 · Cyrus Imap+2

Martin Prpic

Publicado

2015-07-11

Atualizado

2018-10-30

CVE-2015-8076

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cyrus IMAP versions 2.3.x through 2.3.18 Cyrus IMAP versions 2.4.x through 2.4.17 Cyrus IMAP versions 2.5.x through 2.5.3

Description The issue is caused by an out-of-bounds heap read in the index urlfetch function. This can allow a remote attacker to obtain sensitive information or possibly have other unspecified impact via vectors related to the urlfetch range.

Recommendations For Cyrus IMAP versions 2.3.x through 2.3.18, update to version 2.3.19 or later. For Cyrus IMAP versions 2.4.x through 2.4.17, update to version 2.4.18 or later. For Cyrus IMAP versions 2.5.x through 2.5.3, update to version 2.5.4 or later.

Correção

Buffer Overflow

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-200

Identificadores relacionados

ALT-PU-2015-1604

BDU:2016-00362

CVE-2015-8076

SUSE-SU-2016:1457-1

SUSE-SU-2016:1459-1

Produtos afetados

Alt Linux

Cyrus Imap

Suse

PT-2015-3147 · Cyrus+2 · Cyrus Imap+2

CVE-2015-8076

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 37