CVE-2009-2632

critical

Description

Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.

References

https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082

https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html

https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html

https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail

http://www.vupen.com/english/advisories/2009/2641

http://www.vupen.com/english/advisories/2009/2559

http://www.ubuntu.com/usn/USN-838-1

http://www.securityfocus.com/bid/36377

http://www.securityfocus.com/bid/36296

http://www.osvdb.org/58103

http://www.openwall.com/lists/oss-security/2009/09/14/3

http://www.debian.org/security/2009/dsa-1881

http://support.apple.com/kb/HT4077

http://secunia.com/advisories/36904

http://secunia.com/advisories/36713

http://secunia.com/advisories/36698

http://secunia.com/advisories/36632

http://secunia.com/advisories/36629

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://dovecot.org/list/dovecot-news/2009-September/000135.html

Details

Source: Mitre, NVD

Published: 2009-09-08

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical