CVE-2009-3235 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dovecot
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 12 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-838-1.NASL
description: It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. (CVE-2008-4577) It was discovered that the ManageSieve service in Dovecot incorrectly handled
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41940
published: 2009-09-29
reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/41940
title: Ubuntu 8.04 LTS / 8.10 / 9.04 : dovecot vulnerabilities (USN-838-1)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-838-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(41940);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:33:02");

  script_cve_id("CVE-2008-4577", "CVE-2008-5301", "CVE-2009-2632", "CVE-2009-3235");
  script_bugtraq_id(31587, 36377);
  script_xref(name:"USN", value:"838-1");

  script_name(english:"Ubuntu 8.04 LTS / 8.10 / 9.04 : dovecot vulnerabilities (USN-838-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. (CVE-2008-4577) It was discovered that the ManageSieve service in Dovecot incorrectly handled '..' in script names. A remote attacker could exploit this to read and modify arbitrary sieve files on the server. This only affected Ubuntu 8.10. (CVE-2008-5301) It was discovered that the Sieve plugin in Dovecot incorrectly handled certain sieve scripts. An authenticated user could exploit this with a crafted sieve script to cause a denial of service or possibly execute arbitrary code. (CVE-2009-2632, CVE-2009-3235). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/838-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(22, 119, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-imapd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-pop3d");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-postfix");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(8\.04|8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 8.10 / 9.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"8.04", pkgname:"dovecot-common", pkgver:"1:1.0.10-1ubuntu5.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"dovecot-dev", pkgver:"1.0.10-1ubuntu5.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"dovecot-imapd", pkgver:"1.0.10-1ubuntu5.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"dovecot-pop3d", pkgver:"1.0.10-1ubuntu5.2")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"dovecot-common", pkgver:"1:1.1.4-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"dovecot-dev", pkgver:"1.1.4-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"dovecot-imapd", pkgver:"1.1.4-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"dovecot-pop3d", pkgver:"1.1.4-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"dovecot-common", pkgver:"1:1.1.11-0ubuntu4.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"dovecot-dev", pkgver:"1.1.11-0ubuntu4.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"dovecot-imapd", pkgver:"1.1.11-0ubuntu4.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"dovecot-pop3d", pkgver:"1.1.11-0ubuntu4.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"dovecot-postfix", pkgver:"1.1.11-0ubuntu4.1")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot-common / dovecot-dev / dovecot-imapd / dovecot-pop3d / etc");
}
```

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_0_CYRUS-IMAPD-090924.NASL
description: This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42314
published: 2009-10-30
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42314
title: openSUSE Security Update : cyrus-imapd (cyrus-imapd-1337)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-1459.NASL
description: Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41065
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/41065
title: RHEL 4 / 5 : cyrus-imapd (RHSA-2009:1459)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2009-9901.NASL
description: Fixed multiple stack-based buffer overflows in libsieve, which allowed context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41614
published: 2009-09-25
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41614
title: Fedora 11 : cyrus-imapd-2.3.15-1.fc11 (2009-9901)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2009-9869.NASL
description: Fixed multiple stack-based buffer overflows in libsieve, which allowed context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41613
published: 2009-09-25
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41613
title: Fedora 10 : cyrus-imapd-2.3.15-1.fc10 (2009-9869)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2009-1459.NASL
description: From Red Hat Security Advisory 2009:1459 : Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 67930
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/67930
title: Oracle Linux 4 / 5 : cyrus-imapd (ELSA-2009-1459)

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_10_6_2.NASL
description: The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42434
published: 2009-11-09
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42434
title: Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2009-242.NASL
description: A vulnerability was discovered and corrected in dovecot : Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632 (CVE-2009-3235). This update provides a solution to this vulnerability.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41050
published: 2009-09-23
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41050
title: Mandriva Linux Security Advisory : dovecot (MDVSA-2009:242)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_CYRUS-IMAPD-090924.NASL
description: This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42300
published: 2009-10-29
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42300
title: SuSE 11 Security Update : Cyrus IMAPD (SAT Patch Number 1335)

NASL family: SuSE Local Security Checks
NASL id: SUSE9_12520.NASL
description: This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42299
published: 2009-10-29
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42299
title: SuSE9 Security Update : Cyrus IMAPD (YOU Patch Number 12520)

NASL family: SuSE Local Security Checks
NASL id: SUSE_DOVECOT-6539.NASL
description: This update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42104
published: 2009-10-13
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42104
title: openSUSE 10 Security Update : dovecot (dovecot-6539)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_0_DOVECOT-091007.NASL
description: This update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42102
published: 2009-10-13
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42102
title: openSUSE Security Update : dovecot (dovecot-1366)

NASL family: SuSE Local Security Checks
NASL id: SUSE_CYRUS-IMAPD-6521.NASL
description: This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 49843
published: 2010-10-11
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/49843
title: SuSE 10 Security Update : Cyrus IMAPD (ZYPP Patch Number 6521)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2009-1459.NASL
description: Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43795
published: 2010-01-06
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/43795
title: CentOS 4 / 5 : cyrus-imapd (CESA-2009:1459)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2010-196.NASL
description: A vulnerability was discovered and corrected in dovecot : Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632 (CVE-2009-3235). Packages for 2009.1 were missing with the previous MDVSA-2009:242 update. This update corrects this. This update provides a solution to this vulnerability.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 49743
published: 2010-10-06
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/49743
title: Mandriva Linux Security Advisory : dovecot (MDVSA-2010:196)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_1_DOVECOT-091008.NASL
description: This update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42103
published: 2009-10-13
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42103
title: openSUSE Security Update : dovecot (dovecot-1366)

NASL family: SuSE Local Security Checks
NASL id: SUSE_CYRUS-IMAPD-6511.NASL
description: This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42322
published: 2009-10-30
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42322
title: openSUSE 10 Security Update : cyrus-imapd (cyrus-imapd-6511)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2009-9559.NASL
description: dovecot-sieve updated to 1.1.7 It is derived from CMU sieve used by cyrus-imapd and was affected by CVE-2009-2632 too. See upstream announcement for further details: http://dovecot.org/list/dovecot-news/2009-September/000135.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40992
published: 2009-09-16
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/40992
title: Fedora 10 : dovecot-1.1.18-2.fc10 (2009-9559)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_1_CYRUS-IMAPD-090924.NASL
description: This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42316
published: 2009-10-30
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42316
title: openSUSE Security Update : cyrus-imapd (cyrus-imapd-1337)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20090923_CYRUS_IMAPD_ON_SL4_X.NASL
description: CVE-2009-2632 cyrus-imapd: buffer overflow in cyrus sieve CVE-2009-3235 cyrus-impad: CMU sieve buffer overflows Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) After installing the update, cyrus-imapd will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60669
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60669
title: Scientific Linux Security Update : cyrus-imapd on SL4.x, SL5.x i386/x86_64

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-1892.NASL
description: It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 44757
published: 2010-02-24
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/44757
title: Debian DSA-1892-1 : dovecot - buffer overflow

NASL family: SuSE Local Security Checks
NASL id: SUSE_CYRUS-IMAPD-6509.NASL
description: This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42302
published: 2009-10-29
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42302
title: SuSE 10 Security Update : Cyrus IMAPD (ZYPP Patch Number 6509)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201110-04.NASL
description: The remote host is affected by the vulnerability described in GLSA-201110-04 (Dovecot: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could exploit these vulnerabilities to cause the remote execution of arbitrary code, or a Denial of Service condition, to conduct directory traversal attacks, corrupt data, or disclose information. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56446
published: 2011-10-11
reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/56446
title: GLSA-201110-04 : Dovecot: Multiple vulnerabilities

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-1893.NASL
description: It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 44758
published: 2010-02-24
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/44758
title: Debian DSA-1893-1 : cyrus-imapd-2.2 kolab-cyrus-imapd - buffer overflow

Oval
accepted | 2013-04-29T04:06:20.573-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. |
family | unix |
id | oval:org.mitre.oval:def:10515 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. |
version | 28 |
Redhat
advisories | |
rpms | |
References
- http://dovecot.org/list/dovecot-news/2009-September/000135.html
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
- http://secunia.com/advisories/36698
- http://secunia.com/advisories/36713
- http://secunia.com/advisories/36904
- http://support.apple.com/kb/HT3937
- http://www.openwall.com/lists/oss-security/2009/09/14/3
- http://www.osvdb.org/58103
- http://www.securityfocus.com/bid/36377
- http://www.ubuntu.com/usn/USN-838-1
- http://www.vupen.com/english/advisories/2009/2641
- http://www.vupen.com/english/advisories/2009/3184
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53248
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10515
- https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html