Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv2

CVE-2009-2632

Published: 08/09/2009 Updated: 19/09/2017
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Cyrus Imap Server

Vulnerability Summary

Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 prior to 1.0.4 and 1.1 prior to 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.

Vulnerable Product Search on Vulmon Subscribe to Product

cmu cyrus imap server 2.2.13

cmu cyrus imap server 2.3.14

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2009-3235: Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
Debian Bug report logs - #546656 CVE-2009-3235: Multiple stack-based buffer overflows in the Sieve plugin in Dovecot Package: dovecot-common; Maintainer for dovecot-common is (unknown); Reported by: Pascal Volk <user@localhostlocaldomainorg> Date: Mon, 14 Sep 2009 21:18:02 UTC Severity: grave Tags: patch, security, upstr ...
Ubuntu Security Notice: dovecot vulnerabilities
It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions This only affected Ubuntu 804 LTS (CVE-2008-4577) ...
Debian Security Advisories: DSA-1892-1 dovecot -- buffer overflow
It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts This can be used to elevate privileges to the dovecot system user An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modi ...

References

CWE-119https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.htmlhttp://www.vupen.com/english/advisories/2009/2559http://secunia.com/advisories/36629http://secunia.com/advisories/36632https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.htmlhttp://www.securityfocus.com/bid/36296https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tailhttp://www.debian.org/security/2009/dsa-1881http://www.openwall.com/lists/oss-security/2009/09/14/3http://www.securityfocus.com/bid/36377http://dovecot.org/list/dovecot-news/2009-September/000135.htmlhttp://www.vupen.com/english/advisories/2009/2641http://www.osvdb.org/58103https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.htmlhttp://secunia.com/advisories/36698http://secunia.com/advisories/36713http://secunia.com/advisories/36904http://www.ubuntu.com/usn/USN-838-1http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.htmlhttp://support.apple.com/kb/HT4077http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546656https://usn.ubuntu.com/838-1/https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/336053
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook