An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.

In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
Source RPM: cyrus-imapd-2.5.15-3.mga8.src => cyrus-imapd-2.5.15-3.mga8.src.rpm
CVE: (none) => CVE-2019-19783 CVE-2017-14230
CVE-2019-19783 was already FIXED in Bug 25913. CVE-2017-14230 was examined for 2.5 here: https://github.com/cyrusimap/cyrus-imapd/issues/3241 and determined to be INVALID.
Status: NEW => RESOLVED
CVE: CVE-2019-19783 CVE-2017-14230 => CVE-2017-14230
Whiteboard: (none) => MGA7TOO
Summary: cyrus-imapd security issue CVE-2019-19783 CVE-2017-14230 => cyrus-imapd new security issue CVE-2017-14230
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-19783 => (none)
Resolution: (none) => INVALID