Showing 1 - 4 of 4

CVE-2019-19783

Status Candidate

Overview

An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.

Related Files

Red Hat Security Advisory 2020-4655-01: Posted Nov 4, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-4655-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Issues addressed include bypass and privilege escalation vulnerabilities.; tags | advisory, vulnerability, imap; systems | linux, redhat; advisories | CVE-2019-18928, CVE-2019-19783; SHA-256 | 351b1e471e4038244a22555e9ae5e3516d9d76c701f6e5c112212a28d3c5a7d5; Download | Favorite | View

Ubuntu Security Notice USN-4566-1: Posted Oct 6, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4566-1 - It was discovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. It was discovered that the Cyrus IMAP Server allow users to create any mailbox with administrative privileges. A local attacker could use this to obtain sensitive information. Various other issues were also addressed.; tags | advisory, web, arbitrary, local, imap; systems | linux, ubuntu; advisories | CVE-2019-11356, CVE-2019-19783; SHA-256 | b29e714d866e6ec6075866950847cbd51cb8d46269dd8a4d6182d91d2d346043; Download | Favorite | View

Gentoo Linux Security Advisory 202006-23: Posted Jun 16, 2020; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202006-23 - An error in Cyrus IMAP Server allows mailboxes to be created with administrative privileges. Versions less than 3.0.13 are affected.; tags | advisory, imap; systems | linux, gentoo; advisories | CVE-2019-19783; SHA-256 | 1e7bbbfed2c2de886311d93aac435e0c81676a96a5713624632764df5154c6ff; Download | Favorite | View

Debian Security Advisory 4590-1: Posted Dec 21, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4590-1 - It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks.; tags | advisory, imap; systems | linux, debian; advisories | CVE-2019-19783; SHA-256 | 7499dbe419697acfe2027ceca0aba6b752a7e8780a14c7275faefccefb192664; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2019-19783

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems