Security
Security
An error in Cyrus IMAP Server allows mailboxes to be created with administrative privileges.
| Package | net-mail/cyrus-imapd on all architectures |
|---|---|
| Affected versions | < 3.0.13 |
| Unaffected versions | >= 3.0.13 |
The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server.
An issue was discovered in Cyrus IMAP Server where sieve script uploading is excessively trusted.
A user can use a sieve script to create any mailbox with administrator privileges.
Disable sieve script uploading until the upgrade is complete.
All Cyrus IMAP Server users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-3.0.13"
Release date
June 15, 2020
Latest revision
June 15, 2020: 1
Severity
normal
Exploitable
remote
Bugzilla entries