CentOS Update For Cyrus-imapd CESA-2009:1116 Centos5 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. It was discovered that the Cyrus SASL library (cyrus-sasl) does not always reliably terminate output from the sasl_encode64() function used by programs using this library. The Cyrus IMAP server (cyrus-imapd) relied on this function's output being properly terminated. Under certain conditions, improperly terminated output from sasl_encode64() could, potentially, cause cyrus-imapd to crash, disclose portions of its memory, or lead to SASL authentication failures. (CVE-2009-0688) Users of cyrus-imapd are advised to upgrade to these updated packages, which resolve this issue. After installing the update, cyrus-imapd will be restarted automatically.

Affected

cyrus-imapd on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2009-June/015978.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0688

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386

Take action and discover your vulnerabilities