CVE - CVE-2009-2632

CVE-ID
CVE-2009-2632	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2010-03-29-1 URL:http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BID:36296 URL:http://www.securityfocus.com/bid/36296 BID:36377 URL:http://www.securityfocus.com/bid/36377 CONFIRM:http://support.apple.com/kb/HT4077 CONFIRM:https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail DEBIAN:DSA-1881 URL:http://www.debian.org/security/2009/dsa-1881 FEDORA:FEDORA-2009-9559 URL:https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html MLIST:[Cyrus-CVS] 20090902 src/sieve by brong URL:https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html MLIST:[Cyrus-CVS] 20090902 src/sieve by brong URL:https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html MLIST:[Dovecot-news] 20090914 Security holes in CMU Sieve plugin URL:http://dovecot.org/list/dovecot-news/2009-September/000135.html MLIST:[oss-security] 20090914 Re: CVE for recent cyrus-imap issue URL:http://www.openwall.com/lists/oss-security/2009/09/14/3 OSVDB:58103 URL:~~http://www.osvdb.org/58103~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10082 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082 SECUNIA:36629 URL:http://secunia.com/advisories/36629 SECUNIA:36632 URL:http://secunia.com/advisories/36632 SECUNIA:36698 URL:http://secunia.com/advisories/36698 SECUNIA:36713 URL:http://secunia.com/advisories/36713 SECUNIA:36904 URL:http://secunia.com/advisories/36904 SUSE:SUSE-SR:2009:016 URL:http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html UBUNTU:USN-838-1 URL:http://www.ubuntu.com/usn/USN-838-1 VUPEN:ADV-2009-2559 URL:~~http://www.vupen.com/english/advisories/2009/2559~~ (Obsolete source) VUPEN:ADV-2009-2641 URL:~~http://www.vupen.com/english/advisories/2009/2641~~ (Obsolete source)
Assigning CNA
CERT/CC
Date Record Created
20090728	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090728)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)