Vulnerabilities > CVE-2009-2632 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CMU Cyrus Imap Server 2.2.13/2.3.14
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-838-1.NASL description It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. (CVE-2008-4577) It was discovered that the ManageSieve service in Dovecot incorrectly handled last seen 2020-06-01 modified 2020-06-02 plugin id 41940 published 2009-09-29 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41940 title Ubuntu 8.04 LTS / 8.10 / 9.04 : dovecot vulnerabilities (USN-838-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-838-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(41940); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:33:02"); script_cve_id("CVE-2008-4577", "CVE-2008-5301", "CVE-2009-2632", "CVE-2009-3235"); script_bugtraq_id(31587, 36377); script_xref(name:"USN", value:"838-1"); script_name(english:"Ubuntu 8.04 LTS / 8.10 / 9.04 : dovecot vulnerabilities (USN-838-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. (CVE-2008-4577) It was discovered that the ManageSieve service in Dovecot incorrectly handled '..' in script names. A remote attacker could exploit this to read and modify arbitrary sieve files on the server. This only affected Ubuntu 8.10. (CVE-2008-5301) It was discovered that the Sieve plugin in Dovecot incorrectly handled certain sieve scripts. An authenticated user could exploit this with a crafted sieve script to cause a denial of service or possibly execute arbitrary code. (CVE-2009-2632, CVE-2009-3235). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/838-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(22, 119, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-imapd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-pop3d"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-postfix"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"patch_publication_date", value:"2009/09/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(8\.04|8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 8.10 / 9.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.04", pkgname:"dovecot-common", pkgver:"1:1.0.10-1ubuntu5.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"dovecot-dev", pkgver:"1.0.10-1ubuntu5.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"dovecot-imapd", pkgver:"1.0.10-1ubuntu5.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"dovecot-pop3d", pkgver:"1.0.10-1ubuntu5.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"dovecot-common", pkgver:"1:1.1.4-0ubuntu1.3")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"dovecot-dev", pkgver:"1.1.4-0ubuntu1.3")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"dovecot-imapd", pkgver:"1.1.4-0ubuntu1.3")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"dovecot-pop3d", pkgver:"1.1.4-0ubuntu1.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"dovecot-common", pkgver:"1:1.1.11-0ubuntu4.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"dovecot-dev", pkgver:"1.1.11-0ubuntu4.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"dovecot-imapd", pkgver:"1.1.11-0ubuntu4.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"dovecot-pop3d", pkgver:"1.1.11-0ubuntu4.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"dovecot-postfix", pkgver:"1.1.11-0ubuntu4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot-common / dovecot-dev / dovecot-imapd / dovecot-pop3d / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1459.NASL description Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 41065 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41065 title RHEL 4 / 5 : cyrus-imapd (RHSA-2009:1459) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:1459. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(41065); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:14"); script_cve_id("CVE-2009-2632", "CVE-2009-3235"); script_bugtraq_id(36296, 36377); script_xref(name:"RHSA", value:"2009:1459"); script_name(english:"RHEL 4 / 5 : cyrus-imapd (RHSA-2009:1459)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-2632" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-3235" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2009:1459" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-murder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-nntp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Cyrus"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.4"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/09/08"); script_set_attribute(attribute:"patch_publication_date", value:"2009/09/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2009:1459"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"cyrus-imapd-2.2.12-10.el4_8.4")) flag++; if (rpm_check(release:"RHEL4", reference:"cyrus-imapd-devel-2.2.12-10.el4_8.4")) flag++; if (rpm_check(release:"RHEL4", reference:"cyrus-imapd-murder-2.2.12-10.el4_8.4")) flag++; if (rpm_check(release:"RHEL4", reference:"cyrus-imapd-nntp-2.2.12-10.el4_8.4")) flag++; if (rpm_check(release:"RHEL4", reference:"cyrus-imapd-utils-2.2.12-10.el4_8.4")) flag++; if (rpm_check(release:"RHEL4", reference:"perl-Cyrus-2.2.12-10.el4_8.4")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"cyrus-imapd-2.3.7-7.el5_4.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"cyrus-imapd-2.3.7-7.el5_4.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"cyrus-imapd-2.3.7-7.el5_4.3")) flag++; if (rpm_check(release:"RHEL5", reference:"cyrus-imapd-devel-2.3.7-7.el5_4.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"cyrus-imapd-perl-2.3.7-7.el5_4.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"cyrus-imapd-perl-2.3.7-7.el5_4.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"cyrus-imapd-perl-2.3.7-7.el5_4.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"cyrus-imapd-utils-2.3.7-7.el5_4.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"cyrus-imapd-utils-2.3.7-7.el5_4.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"cyrus-imapd-utils-2.3.7-7.el5_4.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-imapd / cyrus-imapd-devel / cyrus-imapd-murder / etc"); } }NASL family SuSE Local Security Checks NASL id SUSE_11_1_CYRUS-IMAPD-090908.NASL description This update of cyrus-imapd fixes a buffer overflow that occurs in snprintf() due to incorrectly calculating the size of the destination buffer. (CVE-2009-2632) last seen 2020-06-01 modified 2020-06-02 plugin id 41040 published 2009-09-22 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41040 title openSUSE Security Update : cyrus-imapd (cyrus-imapd-1286) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update cyrus-imapd-1286. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(41040); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:34"); script_cve_id("CVE-2009-2632"); script_name(english:"openSUSE Security Update : cyrus-imapd (cyrus-imapd-1286)"); script_summary(english:"Check for the cyrus-imapd-1286 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of cyrus-imapd fixes a buffer overflow that occurs in snprintf() due to incorrectly calculating the size of the destination buffer. (CVE-2009-2632)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=537128" ); script_set_attribute( attribute:"solution", value:"Update the affected cyrus-imapd packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cyrus-imapd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cyrus-imapd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-Cyrus-IMAP"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-Cyrus-SIEVE-managesieve"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2009/09/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"cyrus-imapd-2.3.11-60.20.2") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"cyrus-imapd-devel-2.3.11-60.20.2") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"perl-Cyrus-IMAP-2.3.11-60.20.2") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"perl-Cyrus-SIEVE-managesieve-2.3.11-60.20.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-imapd"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_012B495C9D5111DE8D20001BD3385381.NASL description The Cyrus IMAP Server ChangeLog states : Fixed CERT VU#336053 - Potential buffer overflow in Sieve. last seen 2020-06-01 modified 2020-06-02 plugin id 40910 published 2009-09-10 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40910 title FreeBSD : cyrus-imapd -- Potential buffer overflow in Sieve (012b495c-9d51-11de-8d20-001bd3385381) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1459.NASL description From Red Hat Security Advisory 2009:1459 : Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 67930 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67930 title Oracle Linux 4 / 5 : cyrus-imapd (ELSA-2009-1459) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1881.NASL description It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof() operator an attacker is able to pass a negative length to snprintf() calls resulting in large positive values due to integer conversion. This causes a buffer overflow which can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. last seen 2020-06-01 modified 2020-06-02 plugin id 44746 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44746 title Debian DSA-1881-1 : cyrus-imapd-2.2 - buffer overflow NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-242.NASL description A vulnerability was discovered and corrected in dovecot : Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632 (CVE-2009-3235). This update provides a solution to this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 41050 published 2009-09-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41050 title Mandriva Linux Security Advisory : dovecot (MDVSA-2009:242) NASL family SuSE Local Security Checks NASL id SUSE_DOVECOT-6539.NASL description This update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235) last seen 2020-06-01 modified 2020-06-02 plugin id 42104 published 2009-10-13 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42104 title openSUSE 10 Security Update : dovecot (dovecot-6539) NASL family SuSE Local Security Checks NASL id SUSE_11_0_DOVECOT-091007.NASL description This update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235) last seen 2020-06-01 modified 2020-06-02 plugin id 42102 published 2009-10-13 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42102 title openSUSE Security Update : dovecot (dovecot-1366) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1459.NASL description Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 43795 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43795 title CentOS 4 / 5 : cyrus-imapd (CESA-2009:1459) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-196.NASL description A vulnerability was discovered and corrected in dovecot : Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632 (CVE-2009-3235). Packages for 2009.1 were missing with the previous MDVSA-2009:242 update. This update corrects this. This update provides a solution to this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 49743 published 2010-10-06 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49743 title Mandriva Linux Security Advisory : dovecot (MDVSA-2010:196) NASL family SuSE Local Security Checks NASL id SUSE_11_1_DOVECOT-091008.NASL description This update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235) last seen 2020-06-01 modified 2020-06-02 plugin id 42103 published 2009-10-13 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42103 title openSUSE Security Update : dovecot (dovecot-1366) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2010-002.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-002 applied. This security update contains fixes for the following products : - AppKit - Application Firewall - AFP Server - Apache - ClamAV - CoreTypes - CUPS - curl - Cyrus IMAP - Cyrus SASL - Disk Images - Directory Services - Event Monitor - FreeRADIUS - FTP Server - iChat Server - Image RAW - Libsystem - Mail - Mailman - OS Services - Password Server - perl - PHP - PS Normalizer - Ruby - Server Admin - SMB - Tomcat - unzip - vim - Wiki Server - X11 - xar last seen 2020-06-01 modified 2020-06-02 plugin id 45373 published 2010-03-29 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45373 title Mac OS X Multiple Vulnerabilities (Security Update 2010-002) NASL family Fedora Local Security Checks NASL id FEDORA_2009-9559.NASL description dovecot-sieve updated to 1.1.7 It is derived from CMU sieve used by cyrus- imapd and was affected by CVE-2009-2632 too. See upstream announcement for further details: http://dovecot.org/list/dovecot- news/2009-September/000135.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40992 published 2009-09-16 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40992 title Fedora 10 : dovecot-1.1.18-2.fc10 (2009-9559) NASL family SuSE Local Security Checks NASL id SUSE_11_0_CYRUS-IMAPD-090908.NASL description This update of cyrus-imapd fixes a buffer overflow that occurs in snprintf() due to incorrectly calculating the size of the destination buffer. (CVE-2009-2632) last seen 2020-06-01 modified 2020-06-02 plugin id 41034 published 2009-09-22 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41034 title openSUSE Security Update : cyrus-imapd (cyrus-imapd-1286) NASL family Scientific Linux Local Security Checks NASL id SL_20090923_CYRUS_IMAPD_ON_SL4_X.NASL description CVE-2009-2632 cyrus-imapd: buffer overflow in cyrus sieve CVE-2009-3235 cyrus-impad: CMU sieve buffer overflows Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) After installing the update, cyrus-imapd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 60669 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60669 title Scientific Linux Security Update : cyrus-imapd on SL4.x, SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_CYRUS-IMAPD-6483.NASL description This update of cyrus-imapd fixes a buffer overflow that occurs in snprintf() due to incorrectly calculating the size of the destination buffer. (CVE-2009-2632) last seen 2020-06-01 modified 2020-06-02 plugin id 41995 published 2009-10-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41995 title openSUSE 10 Security Update : cyrus-imapd (cyrus-imapd-6483) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-16.NASL description The remote host is affected by the vulnerability described in GLSA-201110-16 (Cyrus IMAP Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Cyrus IMAP Server. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated local or remote attacker may be able to execute arbitrary code with the privileges of the Cyrus IMAP Server process or cause a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56591 published 2011-10-24 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56591 title GLSA-201110-16 : Cyrus IMAP Server: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1892.NASL description It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. last seen 2020-06-01 modified 2020-06-02 plugin id 44757 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44757 title Debian DSA-1892-1 : dovecot - buffer overflow NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-229.NASL description A vulnerability has been found and corrected in cyrus-imapd : Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error (CVE-2009-2632). This update provides a solution to this vulnerability. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers last seen 2020-06-01 modified 2020-06-02 plugin id 40965 published 2009-09-14 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40965 title Mandriva Linux Security Advisory : cyrus-imapd (MDVSA-2009:229-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1893.NASL description It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity. last seen 2020-06-01 modified 2020-06-02 plugin id 44758 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44758 title Debian DSA-1893-1 : cyrus-imapd-2.2 kolab-cyrus-imapd - buffer overflow
Oval
| accepted | 2013-04-29T04:01:22.613-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:10082 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
| title | Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. | ||||||||||||||||||||||||
| version | 28 |
Redhat
| rpms |
|
References
- http://dovecot.org/list/dovecot-news/2009-September/000135.html
- http://dovecot.org/list/dovecot-news/2009-September/000135.html
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://secunia.com/advisories/36629
- http://secunia.com/advisories/36629
- http://secunia.com/advisories/36632
- http://secunia.com/advisories/36632
- http://secunia.com/advisories/36698
- http://secunia.com/advisories/36698
- http://secunia.com/advisories/36713
- http://secunia.com/advisories/36713
- http://secunia.com/advisories/36904
- http://secunia.com/advisories/36904
- http://support.apple.com/kb/HT4077
- http://support.apple.com/kb/HT4077
- http://www.debian.org/security/2009/dsa-1881
- http://www.debian.org/security/2009/dsa-1881
- http://www.openwall.com/lists/oss-security/2009/09/14/3
- http://www.openwall.com/lists/oss-security/2009/09/14/3
- http://www.osvdb.org/58103
- http://www.osvdb.org/58103
- http://www.securityfocus.com/bid/36296
- http://www.securityfocus.com/bid/36296
- http://www.securityfocus.com/bid/36377
- http://www.securityfocus.com/bid/36377
- http://www.ubuntu.com/usn/USN-838-1
- http://www.ubuntu.com/usn/USN-838-1
- http://www.vupen.com/english/advisories/2009/2559
- http://www.vupen.com/english/advisories/2009/2559
- http://www.vupen.com/english/advisories/2009/2641
- http://www.vupen.com/english/advisories/2009/2641
- https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail
- https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail
- https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html
- https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html
- https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html
- https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082
- https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html
- https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html