CVE-2011-3208 : Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd i

Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.

Published 2011-09-14 17:17:07

Updated 2018-10-30 16:26:47

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2011-3208

CMU » Cyrus Imap Server
Versions up to, including, (<=) 2.3.16
cpe:2.3:a:cmu:cyrus_imap_server:*:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.2.13
cpe:2.3:a:cmu:cyrus_imap_server:2.2.13:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.14
cpe:2.3:a:cmu:cyrus_imap_server:2.3.14:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.4.2
cpe:2.3:a:cmu:cyrus_imap_server:2.4.2:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.4.1
cpe:2.3:a:cmu:cyrus_imap_server:2.4.1:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.4.0
cpe:2.3:a:cmu:cyrus_imap_server:2.4.0:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.3
cpe:2.3:a:cmu:cyrus_imap_server:2.3.3:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.2
cpe:2.3:a:cmu:cyrus_imap_server:2.3.2:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.1
cpe:2.3:a:cmu:cyrus_imap_server:2.3.1:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.0
cpe:2.3:a:cmu:cyrus_imap_server:2.3.0:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.1.16
cpe:2.3:a:cmu:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.11
cpe:2.3:a:cmu:cyrus_imap_server:2.3.11:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.0.17
cpe:2.3:a:cmu:cyrus_imap_server:2.0.17:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.4.5
cpe:2.3:a:cmu:cyrus_imap_server:2.4.5:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.7
cpe:2.3:a:cmu:cyrus_imap_server:2.3.7:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.6
cpe:2.3:a:cmu:cyrus_imap_server:2.3.6:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.12
cpe:2.3:a:cmu:cyrus_imap_server:2.3.12:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.2.12
cpe:2.3:a:cmu:cyrus_imap_server:2.2.12:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.2.11
cpe:2.3:a:cmu:cyrus_imap_server:2.2.11:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.9
cpe:2.3:a:cmu:cyrus_imap_server:2.3.9:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.8
cpe:2.3:a:cmu:cyrus_imap_server:2.3.8:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.15
cpe:2.3:a:cmu:cyrus_imap_server:2.3.15:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.13
cpe:2.3:a:cmu:cyrus_imap_server:2.3.13:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.2.9
cpe:2.3:a:cmu:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.2.8
cpe:2.3:a:cmu:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.1.18
cpe:2.3:a:cmu:cyrus_imap_server:2.1.18:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.2.13p1
cpe:2.3:a:cmu:cyrus_imap_server:2.2.13p1:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.4.4
cpe:2.3:a:cmu:cyrus_imap_server:2.4.4:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.4.3
cpe:2.3:a:cmu:cyrus_imap_server:2.4.3:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.5
cpe:2.3:a:cmu:cyrus_imap_server:2.3.5:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.4
cpe:2.3:a:cmu:cyrus_imap_server:2.3.4:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.3.10
cpe:2.3:a:cmu:cyrus_imap_server:2.3.10:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.2.10
cpe:2.3:a:cmu:cyrus_imap_server:2.2.10:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.1.17
cpe:2.3:a:cmu:cyrus_imap_server:2.1.17:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.2.14
cpe:2.3:a:cmu:cyrus_imap_server:2.2.14:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.4.6
cpe:2.3:a:cmu:cyrus_imap_server:2.4.6:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.4.7
cpe:2.3:a:cmu:cyrus_imap_server:2.4.7:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.4.10
cpe:2.3:a:cmu:cyrus_imap_server:2.4.10:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.4.9
cpe:2.3:a:cmu:cyrus_imap_server:2.4.9:*:*:*:*:*:*:*
Matching versions
CMU » Cyrus Imap Server » Version: 2.4.8
cpe:2.3:a:cmu:cyrus_imap_server:2.4.8:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2011-3208

Top countries where our scanners detected CVE-2011-3208

Top open port discovered on systems with this issue 143

IPs affected by CVE-2011-3208 1,614

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2011-3208!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2011-3208

EPSS FAQ

23.65%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-3208

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2011-3208

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-3208

http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd

Patch
http://www.securityfocus.com/bid/49534

Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability
http://www.mandriva.com/security/advisories?name=MDVSA-2011:149

mandriva.com

CVEs referencing this url
http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d

Patch
https://bugzilla.redhat.com/show_bug.cgi?id=734926

734926 – (CVE-2011-3208) CVE-2011-3208 cyrus-imapd: nntpd buffer overflow in split_wildmats()
Patch
http://www.debian.org/security/2011/dsa-2318

Debian -- Security Information -- DSA-2318-1 cyrus-imapd-2.2

CVEs referencing this url
http://securitytracker.com/id?1026031

Cyrus IMAP Server Buffer Overflow in NNTP Daemon Lets Remote Users Execute Arbitrary Code - SecurityTracker
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=199
http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html

openSUSE-SU-2011:1036-1: moderate: cyrus-imapd
https://hermes.opensuse.org/messages/11723935

openSUSE.org - 503
http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=200
https://exchange.xforce.ibmcloud.com/vulnerabilities/69679

Cyrus IMAP Server split_wildmats() buffer overflow CVE-2011-3208 Vulnerability Report
http://www.redhat.com/support/errata/RHSA-2011-1317.html

Support