CVE-2009-2632
Published: Sep 8, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 36377 | vdb-entry, x_refsource_BID |
| DSA-1881 | vendor-advisory, x_refsource_DEBIAN |
| 36713 | third-party-advisory, x_refsource_SECUNIA |
| [Cyrus-CVS] 20090902 src/sieve by brong | mailing-list, x_refsource_MLIST |
| 36629 | third-party-advisory, x_refsource_SECUNIA |
| [Dovecot-news] 20090914 Security holes in CMU Sieve plugin | mailing-list, x_refsource_MLIST |
| APPLE-SA-2010-03-29-1 | vendor-advisory, x_refsource_APPLE |
| [Cyrus-CVS] 20090902 src/sieve by brong | mailing-list, x_refsource_MLIST |
| 36632 | third-party-advisory, x_refsource_SECUNIA |
| USN-838-1 | vendor-advisory, x_refsource_UBUNTU |
| 58103 | vdb-entry, x_refsource_OSVDB |
| http://support.apple.com/kb/HT4077 | x_refsource_CONFIRM |
| SUSE-SR:2009:016 | vendor-advisory, x_refsource_SUSE |
| 36904 | third-party-advisory, x_refsource_SECUNIA |
| 36698 | third-party-advisory, x_refsource_SECUNIA |
| 36296 | vdb-entry, x_refsource_BID |
| ADV-2009-2641 | vdb-entry, x_refsource_VUPEN |
| ADV-2009-2559 | vdb-entry, x_refsource_VUPEN |
| FEDORA-2009-9559 | vendor-advisory, x_refsource_FEDORA |
| oval:org.mitre.oval:def:10082 | vdb-entry, signature, x_refsource_OVAL |
| [oss-security] 20090914 Re: CVE for recent cyrus-imap issue | mailing-list, x_refsource_MLIST |