Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.4
CVE Id: CVE-2009-2632
Last Modified: 21 Aug 2010 01:34:17
Published: 08 Sep 2009 07:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-2632

Summary

Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.

Vulnerable Systems

Application

  • CMU Cyrus IMAP Server 2.2.13
  • CMU Cyrus IMAP Server 2.3.14

References

VUPEN - ADV-2009-2559

BID - 36296

DEBIAN - DSA-1881

FEDORA - FEDORA-2009-9559

MLIST - [Cyrus-CVS] 20090902 src/sieve by brong

CONFIRM - https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail

VUPEN - ADV-2009-2641

UBUNTU - USN-838-1

BID - 36377

OSVDB - 58103

MLIST - [oss-security] 20090914 Re: CVE for recent cyrus-imap issue

CONFIRM - http://support.apple.com/kb/HT4077

SECUNIA - 36904

SECUNIA - 36713

SECUNIA - 36698

SECUNIA - 36632

SECUNIA - 36629

SUSE - SUSE-SR:2009:016

APPLE - APPLE-SA-2010-03-29-1

MLIST - [Dovecot-news] 20090914 Security holes in CMU Sieve plugin

Related Patches

Red Hat 2009:1459-04 RHSA Important: cyrus-imapd security update for RHEL 5 x86


Last Updated: 27 May 2016 10:50:58