CVE-2009-2632

Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
References
Link Resource
http://dovecot.org/list/dovecot-news/2009-September/000135.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://secunia.com/advisories/36629 Vendor Advisory
http://secunia.com/advisories/36632 Vendor Advisory
http://secunia.com/advisories/36698
http://secunia.com/advisories/36713
http://secunia.com/advisories/36904
http://support.apple.com/kb/HT4077
http://www.debian.org/security/2009/dsa-1881 Patch
http://www.openwall.com/lists/oss-security/2009/09/14/3
http://www.osvdb.org/58103
http://www.securityfocus.com/bid/36296 Patch
http://www.securityfocus.com/bid/36377
http://www.ubuntu.com/usn/USN-838-1
http://www.vupen.com/english/advisories/2009/2559 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/2641
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail
https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html
https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html
Configurations

Configuration 1

OR cpe:2.3:a:cmu:cyrus_imap_server:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:cmu:cyrus_imap_server:2.3.14:*:*:*:*:*:*:*

History

21 Nov 2024, 01:05


Information

Published : 2009-09-08 23:30

Updated : 2024-11-21 01:05


NVD link : CVE-2009-2632

Mitre link : CVE-2009-2632

CVE.ORG link : CVE-2009-2632


Products Affected

cmu

  • cyrus_imap_server

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer