CVE-2009-2632
Date: (C)2009-09-08   (M)2024-02-22


Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.4
Exploit Score: 3.4
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-36296
BID-36377
SECUNIA-36629
SECUNIA-36632
SECUNIA-36698
SECUNIA-36713
SECUNIA-36904
OSVDB-58103
ADV-2009-2559
ADV-2009-2641
APPLE-SA-2010-03-29-1
DSA-1881
FEDORA-2009-9559
SUSE-SR:2009:016
USN-838-1
https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html
http://dovecot.org/list/dovecot-news/2009-September/000135.html
http://www.openwall.com/lists/oss-security/2009/09/14/3
http://support.apple.com/kb/HT4077
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail
oval:org.mitre.oval:def:10082

CPE    2
cpe:/a:cmu:cyrus_imap_server:2.3.14
cpe:/a:cmu:cyrus_imap_server:2.2.13
CWE    1
CWE-119
OVAL    15
oval:org.secpod.oval:def:300830
oval:org.secpod.oval:def:300861
oval:org.mitre.oval:def:8390
oval:org.secpod.oval:def:101915
...

© SecPod Technologies