Home » cyrus imapd: Vulnerability permits denial of service

cyrus imapd: Vulnerability permits denial of service

by admin
cyrus imapd: Vulnerability permits denial of service

As BSI is presently reporting, the IT safety alert, concerning the cyrus imapd vulnerability, has acquired an replace. You can learn how affected customers ought to behave right here.

Federal workplace for Security in Information Technology (BSI) reported a safety advisory for cyrus imapd on June 4, 2024. The safety vulnerability impacts the Linux working system and Fedora Linux merchandise and the open supply cyrus imapd. This alert was final up to date on June 5, 2024.

The newest producer suggestions concerning updates, workarounds and safety patches for this vulnerability will be discovered right here: Fedora Security Advisory FEDORA-2024-CFBDC342A2 (As of June 5, 2024). Some helpful sources are listed later on this article.

Security warning for cyrus imapd – threat: medium

Risk stage: 3 (reasonable)
CVSS Base Score: 6.5
CVSS provisional rating: 5,7
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop techniques. The CVSS customary makes it attainable to match potential or precise safety dangers primarily based on varied standards with a view to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally take into consideration adjustments over time within the threat scenario. According to CVSS, the present vulnerability is classed as “reasonable” with 6.5 foundation factors.

cyrus imapd Bug: A vulnerability permits a denial of service

Cyrus IMAPD is a mail server that gives IMAP, POP3, NNTP and Sieve assist.

See also  IT Security: Linux is weak - IT safety warning replace for Apache CXF (vulnerability: medium)

A distant, approved attacker may exploit a vulnerability in cyrus imapd to conduct a denial of service assault.

Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) ID quantity. CVE-2024-34055 on the market.

Systems affected by the safety hole at a look

working system
Linux

Products
Fedora Linux (cpe:/o:fedoraproject:fedora)
Open supply cyrus imapd

General suggestions for addressing IT safety gaps

  1. Users of the affected apps ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
  2. For data, see the sources listed within the subsequent part. This typically incorporates extra details about the most recent model of the software program in query and the supply of safety patches or efficiency suggestions.
  3. If you have got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to test each time a producing firm makes a brand new safety replace accessible.

Sources for updates, patches and workarounds

Here you will see that some hyperlinks with details about bug studies, safety fixes and workarounds.

Fedora Security Advisory FEDORA-2024-CFBDC342A2 vom 2024-06-05 (05.06.2024)
For extra data, see:

Fedora Security Advisory FEDORA-2024-F3E0255C75 vom 2024-06-05 (05.06.2024)
For extra data, see:

Fedora Security Advisory FEDORA-2024-123F2B3666 vom 2024-06-05 (05.06.2024)
For extra data, see:

Red Hat Bugzilla – Bug 2290510 (04.06.2024)
For extra data, see:

NIST Vulnerability Database vom 2024-06-04 (04.06.2024)
For extra data, see:

IMAP launch notes from 2024-06-04 (04.06.2024)
For extra data, see:

Version historical past of this safety alert

This is model 2 of this IT safety discover for cyrus imapd. This doc will probably be up to date as extra updates are introduced. You can examine adjustments or additions on this model historical past.

See also  Redmi K70 Extreme Edition seems on the internet: outfitted with Dimensity 9300+ chip, the strongest efficiency within the Android camp - Sina Hong Kong

June 4, 2024 – First model
June 5, 2024 – New updates from Fedora added

+++ Editorial observe: This doc is predicated on present BSI knowledge and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that sizzling information, present movies and a direct line to the editorial group.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy