CVE-2009-2632
N/A
Description
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
CVE Details
CVSS v3.1 score: N/A
Published: 9/8/2009
Last modified: 4/23/2026
Source: nvd
Honeypot sightings: 0
Affected products
cmu:cyrus_imap_server
Weaknesses (CWE)
CWE-119
References
http://secunia.com/advisories/36629(cret@cert.org)
http://secunia.com/advisories/36632(cret@cert.org)
http://secunia.com/advisories/36698(cret@cert.org)
http://secunia.com/advisories/36713(cret@cert.org)
http://secunia.com/advisories/36904(cret@cert.org)
http://support.apple.com/kb/HT4077(cret@cert.org)
http://www.debian.org/security/2009/dsa-1881(cret@cert.org)
http://www.openwall.com/lists/oss-security/2009/09/14/3(cret@cert.org)
http://www.osvdb.org/58103(cret@cert.org)
http://www.securityfocus.com/bid/36296(cret@cert.org)
http://www.securityfocus.com/bid/36377(cret@cert.org)
http://www.ubuntu.com/usn/USN-838-1(cret@cert.org)
http://www.vupen.com/english/advisories/2009/2559(cret@cert.org)
http://www.vupen.com/english/advisories/2009/2641(cret@cert.org)
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail(cret@cert.org)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082(cret@cert.org)
http://dovecot.org/list/dovecot-news/2009-September/000135.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36629(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36632(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36698(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36713(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36904(af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4077(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1881(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2009/09/14/3(af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/58103(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/36296(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/36377(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-838-1(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/2559(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/2641(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail(af854a3a-2127-422b-91ae-364da2661108)
https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082(af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html(af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.