CVE-2009-2632 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CMU Cyrus IMAP Server 2.2.13/2.3.14

CVSS 4.4 - MEDIUM
Attack vector: LOCAL
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: local, cmu, CWE-119, nessus

Summary

Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
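The flaw class named in the summary, shown as an added example (this is not code from Cyrus or Dovecot; the function names, buffer size and sample string are constructed for illustration). When a buffer reaches a function as a pointer, `sizeof` yields the pointer size rather than the buffer capacity, and subtracting the current string length wraps to a very large length value; the corrected form passes the capacity explicitly and rejects anything that does not fit.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ACTIONS_CAP 64  /* constructed capacity for the demo buffer */

/* BUGGY pattern: 'buf' is a pointer in this scope, so sizeof(buf) is the
 * pointer size (4 or 8 bytes), not the capacity of the caller's array.
 * Once strlen(buf) exceeds that, the unsigned subtraction wraps around. */
size_t remaining_buggy(char *buf)
{
    return sizeof(buf) - strlen(buf);
}

/* FIXED pattern: the caller states the capacity; the result is never
 * larger than the space that really exists, and is 0 if the buffer is
 * full or not NUL-terminated within 'cap'. */
size_t remaining_safe(const char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    size_t used = nul ? (size_t)(nul - buf) : cap;
    return used < cap ? cap - used : 0;
}

/* Bounded append. Returns 0 on success, -1 if the formatted text would
 * not fit; on failure the buffer keeps its previous contents. */
int append_safe(char *buf, size_t cap, const char *fmt, ...)
{
    size_t room = remaining_safe(buf, cap);
    if (room == 0)
        return -1;

    size_t used = cap - room;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + used, room, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= room) {
        buf[used] = '\0';  /* roll back the truncated write */
        return -1;
    }
    return 0;
}

/* Returns 1 when the buggy computation reports more room than the
 * buffer actually has, which is the length snprintf() would then trust. */
int buggy_length_exceeds_capacity(void)
{
    /* constructed sample: 24 characters, longer than any pointer size */
    char actions[ACTIONS_CAP] = "fileinto \"INBOX.archive\"";
    return remaining_buggy(actions) > sizeof(actions);
}

int main(void)
{
    char actions[ACTIONS_CAP] = "fileinto \"INBOX.archive\"";

    /* The two computations are only compared here; the buggy length is
     * never passed to a write. */
    printf("buggy remaining: %zu\n", remaining_buggy(actions));
    printf("safe remaining:  %zu\n", remaining_safe(actions, sizeof(actions)));

    if (append_safe(actions, sizeof(actions), "; %s", "keep") == 0)
        printf("appended: %s\n", actions);

    return 0;
}
```

The fix is a matter of carrying the real capacity alongside the pointer and treating a formatted length that reaches the remaining space as an error.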

Vulnerable Configurations

Part         Description  Count
Application  Cmu          2

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-838-1.NASL
    description: It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. (CVE-2008-4577) It was discovered that the ManageSieve service in Dovecot incorrectly handled
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41940
    published: 2009-09-29
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/41940
    title: Ubuntu 8.04 LTS / 8.10 / 9.04 : dovecot vulnerabilities (USN-838-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-838-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41940);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      script_cve_id("CVE-2008-4577", "CVE-2008-5301", "CVE-2009-2632", "CVE-2009-3235");
      script_bugtraq_id(31587, 36377);
      script_xref(name:"USN", value:"838-1");
    
      script_name(english:"Ubuntu 8.04 LTS / 8.10 / 9.04 : dovecot vulnerabilities (USN-838-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the ACL plugin in Dovecot would incorrectly
    handle negative access rights. An attacker could exploit this flaw to
    access the Dovecot server, bypassing the intended access restrictions.
    This only affected Ubuntu 8.04 LTS. (CVE-2008-4577)
    
    It was discovered that the ManageSieve service in Dovecot incorrectly
    handled '..' in script names. A remote attacker could exploit this to
    read and modify arbitrary sieve files on the server. This only
    affected Ubuntu 8.10. (CVE-2008-5301)
    
    It was discovered that the Sieve plugin in Dovecot incorrectly handled
    certain sieve scripts. An authenticated user could exploit this with a
    crafted sieve script to cause a denial of service or possibly execute
    arbitrary code. (CVE-2009-2632, CVE-2009-3235).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/838-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(22, 119, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-imapd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-pop3d");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-postfix");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/09/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(8\.04|8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 8.10 / 9.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"8.04", pkgname:"dovecot-common", pkgver:"1:1.0.10-1ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"dovecot-dev", pkgver:"1.0.10-1ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"dovecot-imapd", pkgver:"1.0.10-1ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"dovecot-pop3d", pkgver:"1.0.10-1ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"dovecot-common", pkgver:"1:1.1.4-0ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"dovecot-dev", pkgver:"1.1.4-0ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"dovecot-imapd", pkgver:"1.1.4-0ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"dovecot-pop3d", pkgver:"1.1.4-0ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"dovecot-common", pkgver:"1:1.1.11-0ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"dovecot-dev", pkgver:"1.1.11-0ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"dovecot-imapd", pkgver:"1.1.11-0ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"dovecot-pop3d", pkgver:"1.1.11-0ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"dovecot-postfix", pkgver:"1.1.11-0ubuntu4.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot-common / dovecot-dev / dovecot-imapd / dovecot-pop3d / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1459.NASL
    description: Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41065
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/41065
    title: RHEL 4 / 5 : cyrus-imapd (RHSA-2009:1459)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1459. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41065);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2009-2632", "CVE-2009-3235");
      script_bugtraq_id(36296, 36377);
      script_xref(name:"RHSA", value:"2009:1459");
    
      script_name(english:"RHEL 4 / 5 : cyrus-imapd (RHSA-2009:1459)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cyrus-imapd packages that fix several security issues are now
    available for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The cyrus-imapd packages contain a high-performance mail server with
    IMAP, POP3, NNTP, and Sieve support.
    
    Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve
    implementation. An authenticated user able to create Sieve mail
    filtering rules could use these flaws to execute arbitrary code with
    the privileges of the Cyrus IMAP server user. (CVE-2009-2632,
    CVE-2009-3235)
    
    Users of cyrus-imapd are advised to upgrade to these updated packages,
    which contain backported patches to resolve these issues. After
    installing the update, cyrus-imapd will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2632"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1459"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-murder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-nntp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Cyrus");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/09/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/09/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:1459";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"cyrus-imapd-2.2.12-10.el4_8.4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"cyrus-imapd-devel-2.2.12-10.el4_8.4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"cyrus-imapd-murder-2.2.12-10.el4_8.4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"cyrus-imapd-nntp-2.2.12-10.el4_8.4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"cyrus-imapd-utils-2.2.12-10.el4_8.4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"perl-Cyrus-2.2.12-10.el4_8.4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"cyrus-imapd-2.3.7-7.el5_4.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"cyrus-imapd-2.3.7-7.el5_4.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"cyrus-imapd-2.3.7-7.el5_4.3")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"cyrus-imapd-devel-2.3.7-7.el5_4.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"cyrus-imapd-perl-2.3.7-7.el5_4.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"cyrus-imapd-perl-2.3.7-7.el5_4.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"cyrus-imapd-perl-2.3.7-7.el5_4.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"cyrus-imapd-utils-2.3.7-7.el5_4.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"cyrus-imapd-utils-2.3.7-7.el5_4.3")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"cyrus-imapd-utils-2.3.7-7.el5_4.3")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-imapd / cyrus-imapd-devel / cyrus-imapd-murder / etc");
      }
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_CYRUS-IMAPD-090908.NASL
    description: This update of cyrus-imapd fixes a buffer overflow that occurs in snprintf() due to incorrectly calculating the size of the destination buffer. (CVE-2009-2632)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41040
    published: 2009-09-22
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41040
    title: openSUSE Security Update : cyrus-imapd (cyrus-imapd-1286)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update cyrus-imapd-1286.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41040);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:34");
    
      script_cve_id("CVE-2009-2632");
    
      script_name(english:"openSUSE Security Update : cyrus-imapd (cyrus-imapd-1286)");
      script_summary(english:"Check for the cyrus-imapd-1286 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of cyrus-imapd fixes a buffer overflow that occurs in
    snprintf() due to incorrectly calculating the size of the destination
    buffer. (CVE-2009-2632)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=537128"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected cyrus-imapd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cyrus-imapd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cyrus-imapd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-Cyrus-IMAP");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-Cyrus-SIEVE-managesieve");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/09/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.1", reference:"cyrus-imapd-2.3.11-60.20.2") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"cyrus-imapd-devel-2.3.11-60.20.2") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"perl-Cyrus-IMAP-2.3.11-60.20.2") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"perl-Cyrus-SIEVE-managesieve-2.3.11-60.20.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-imapd");
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_012B495C9D5111DE8D20001BD3385381.NASL
    description: The Cyrus IMAP Server ChangeLog states : Fixed CERT VU#336053 - Potential buffer overflow in Sieve.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40910
    published: 2009-09-10
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40910
    title: FreeBSD : cyrus-imapd -- Potential buffer overflow in Sieve (012b495c-9d51-11de-8d20-001bd3385381)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2009-1459.NASL
    description: From Red Hat Security Advisory 2009:1459 : Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67930
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67930
    title: Oracle Linux 4 / 5 : cyrus-imapd (ELSA-2009-1459)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1881.NASL
    description: It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof() operator an attacker is able to pass a negative length to snprintf() calls resulting in large positive values due to integer conversion. This causes a buffer overflow which can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44746
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44746
    title: Debian DSA-1881-1 : cyrus-imapd-2.2 - buffer overflow
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-242.NASL
    description: A vulnerability was discovered and corrected in dovecot : Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632 (CVE-2009-3235). This update provides a solution to this vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41050
    published: 2009-09-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41050
    title: Mandriva Linux Security Advisory : dovecot (MDVSA-2009:242)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_DOVECOT-6539.NASL
    description: This update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42104
    published: 2009-10-13
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42104
    title: openSUSE 10 Security Update : dovecot (dovecot-6539)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_DOVECOT-091007.NASL
    description: This update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42102
    published: 2009-10-13
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42102
    title: openSUSE Security Update : dovecot (dovecot-1366)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2009-1459.NASL
    description: Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43795
    published: 2010-01-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43795
    title: CentOS 4 / 5 : cyrus-imapd (CESA-2009:1459)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2010-196.NASL
    description: A vulnerability was discovered and corrected in dovecot : Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632 (CVE-2009-3235). Packages for 2009.1 were missing with the previous MDVSA-2009:242 update. This update corrects this. This update provides a solution to this vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49743
    published: 2010-10-06
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/49743
    title: Mandriva Linux Security Advisory : dovecot (MDVSA-2010:196)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_DOVECOT-091008.NASL
    description: This update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42103
    published: 2009-10-13
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42103
    title: openSUSE Security Update : dovecot (dovecot-1366)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2010-002.NASL
    description: The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-002 applied. This security update contains fixes for the following products : - AppKit - Application Firewall - AFP Server - Apache - ClamAV - CoreTypes - CUPS - curl - Cyrus IMAP - Cyrus SASL - Disk Images - Directory Services - Event Monitor - FreeRADIUS - FTP Server - iChat Server - Image RAW - Libsystem - Mail - Mailman - OS Services - Password Server - perl - PHP - PS Normalizer - Ruby - Server Admin - SMB - Tomcat - unzip - vim - Wiki Server - X11 - xar
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 45373
    published: 2010-03-29
    reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/45373
    title: Mac OS X Multiple Vulnerabilities (Security Update 2010-002)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-9559.NASL
    descriptiondovecot-sieve updated to 1.1.7 It is derived from CMU sieve used by cyrus- imapd and was affected by CVE-2009-2632 too. See upstream announcement for further details: http://dovecot.org/list/dovecot- news/2009-September/000135.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40992
    published2009-09-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40992
    titleFedora 10 : dovecot-1.1.18-2.fc10 (2009-9559)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_CYRUS-IMAPD-090908.NASL
    descriptionThis update of cyrus-imapd fixes a buffer overflow that occurs in snprintf() due to incorrectly calculating the size of the destination buffer. (CVE-2009-2632)
    last seen2020-06-01
    modified2020-06-02
    plugin id41034
    published2009-09-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41034
    titleopenSUSE Security Update : cyrus-imapd (cyrus-imapd-1286)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090923_CYRUS_IMAPD_ON_SL4_X.NASL
    descriptionCVE-2009-2632 cyrus-imapd: buffer overflow in cyrus sieve CVE-2009-3235 cyrus-impad: CMU sieve buffer overflows Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) After installing the update, cyrus-imapd will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id60669
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60669
    titleScientific Linux Security Update : cyrus-imapd on SL4.x, SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CYRUS-IMAPD-6483.NASL
    descriptionThis update of cyrus-imapd fixes a buffer overflow that occurs in snprintf() due to incorrectly calculating the size of the destination buffer. (CVE-2009-2632)
    last seen2020-06-01
    modified2020-06-02
    plugin id41995
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41995
    titleopenSUSE 10 Security Update : cyrus-imapd (cyrus-imapd-6483)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201110-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201110-16 (Cyrus IMAP Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Cyrus IMAP Server. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated local or remote attacker may be able to execute arbitrary code with the privileges of the Cyrus IMAP Server process or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56591
    published2011-10-24
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56591
    titleGLSA-201110-16 : Cyrus IMAP Server: Multiple vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1892.NASL
    descriptionIt was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id44757
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44757
    titleDebian DSA-1892-1 : dovecot - buffer overflow
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-229.NASL
    descriptionA vulnerability has been found and corrected in cyrus-imapd : Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error (CVE-2009-2632). This update provides a solution to this vulnerability. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id40965
    published2009-09-14
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40965
    titleMandriva Linux Security Advisory : cyrus-imapd (MDVSA-2009:229-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1893.NASL
    descriptionIt was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.
    last seen2020-06-01
    modified2020-06-02
    plugin id44758
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44758
    titleDebian DSA-1893-1 : cyrus-imapd-2.2 kolab-cyrus-imapd - buffer overflow

Oval

accepted: 2013-04-29T04:01:22.613-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
family: unix
id: oval:org.mitre.oval:def:10082
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
version: 28

Redhat

rpms
  • cyrus-imapd-0:2.2.12-10.el4_8.4
  • cyrus-imapd-0:2.3.7-7.el5_4.3
  • cyrus-imapd-debuginfo-0:2.2.12-10.el4_8.4
  • cyrus-imapd-debuginfo-0:2.3.7-7.el5_4.3
  • cyrus-imapd-devel-0:2.2.12-10.el4_8.4
  • cyrus-imapd-devel-0:2.3.7-7.el5_4.3
  • cyrus-imapd-murder-0:2.2.12-10.el4_8.4
  • cyrus-imapd-nntp-0:2.2.12-10.el4_8.4
  • cyrus-imapd-perl-0:2.3.7-7.el5_4.3
  • cyrus-imapd-utils-0:2.2.12-10.el4_8.4
  • cyrus-imapd-utils-0:2.3.7-7.el5_4.3
  • perl-Cyrus-0:2.2.12-10.el4_8.4