Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2009-3235
Last Modified: 06 Jul 2013 02:41:14
Published: 17 Sep 2009 06:30:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-3235

Summary

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.

Vulnerable Systems

Application

  • Dovecot 1.0

  • Dovecot 1.0.1

  • Dovecot 1.0.2

  • Dovecot 1.0.3

  • Dovecot 1.1

  • Dovecot 1.1.0

  • Dovecot 1.1.1

  • Dovecot 1.1.2

  • Dovecot 1.1.3

  • Dovecot 1.1.4

  • Dovecot 1.1.5

  • Dovecot 1.1.6


References

FEDORA - FEDORA-2009-9559

MLIST - [Dovecot-news] 20090914 Security holes in CMU Sieve plugin

XF - cmu-sieve-dovecot-unspecified-bo(53248)

VUPEN - ADV-2009-3184

VUPEN - ADV-2009-2641

UBUNTU - USN-838-1

BID - 36377

OSVDB - 58103

MLIST - [oss-security] 20090914 Re: CVE for recent cyrus-imap issue

CONFIRM - http://support.apple.com/kb/HT3937

SECUNIA - 36904

SECUNIA - 36713

SECUNIA - 36698

SUSE - SUSE-SR:2009:018

SUSE - SUSE-SR:2009:016

APPLE - APPLE-SA-2009-11-09-1

Related Patches

Apple 2009-11-09 Mac OS X v10.6.2 Update

Red Hat 2009:1459-04 RHSA Important: cyrus-imapd security update for RHEL 5 x86


Last Updated: 27 May 2016 10:51:10