Vulnerability Description
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CMU | Cyrus IMAP Server | 2.2.13 |
Related Weaknesses (CWE)
References
- http://dovecot.org/list/dovecot-news/2009-September/000135.html
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://secunia.com/advisories/36629 (Vendor Advisory)
- http://secunia.com/advisories/36632 (Vendor Advisory)
- http://secunia.com/advisories/36698
- http://secunia.com/advisories/36713
- http://secunia.com/advisories/36904
- http://support.apple.com/kb/HT4077
- http://www.debian.org/security/2009/dsa-1881 (Patch)
- http://www.openwall.com/lists/oss-security/2009/09/14/3
- http://www.osvdb.org/58103
- http://www.securityfocus.com/bid/36296 (Patch)
- http://www.securityfocus.com/bid/36377
- http://www.ubuntu.com/usn/USN-838-1
FAQ
What is CVE-2009-2632?
CVE-2009-2632 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to ...
How severe is CVE-2009-2632?
CVE-2009-2632 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-2632?
Check the references section above for vendor advisories and patch information. Affected products include: CMU Cyrus IMAP Server.