ID CVE-2009-3235
Summary Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
Vulnerable Configurations
  • cpe:2.3:a:dovecot:dovecot:1.0
  • cpe:2.3:a:dovecot:dovecot:1.0.2
  • cpe:2.3:a:dovecot:dovecot:1.0.3
  • cpe:2.3:a:dovecot:dovecot:1.1
  • cpe:2.3:a:dovecot:dovecot:1.1.0
  • cpe:2.3:a:dovecot:dovecot:1.1.1
  • cpe:2.3:a:dovecot:dovecot:1.1.2
  • cpe:2.3:a:dovecot:dovecot:1.1.3
  • cpe:2.3:a:dovecot:dovecot:1.1.4
  • cpe:2.3:a:dovecot:dovecot:1.1.5
  • cpe:2.3:a:dovecot:dovecot:1.1.6
  • cpe:2.3:a:dovecot:dovecot:1.0.1
CVSS
Base: 7.5 (as of 17-09-2009 - 12:17)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from formatted configuration data to cause a buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-196.NASL
    description A vulnerability was discovered and corrected in dovecot : Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632 (CVE-2009-3235). Packages for 2009.1 were missing with the previous MDVSA-2009:242 update. This update corrects this. This update provides a solution to this vulnerability.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 49743
    published 2010-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49743
    title Mandriva Linux Security Advisory : dovecot (MDVSA-2010:196)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-838-1.NASL
    description It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. (CVE-2008-4577) It was discovered that the ManageSieve service in Dovecot incorrectly handled '..' in script names. A remote attacker could exploit this to read and modify arbitrary sieve files on the server. This only affected Ubuntu 8.10. (CVE-2008-5301) It was discovered that the Sieve plugin in Dovecot incorrectly handled certain sieve scripts. An authenticated user could exploit this with a crafted sieve script to cause a denial of service or possibly execute arbitrary code. (CVE-2009-2632, CVE-2009-3235). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 41940
    published 2009-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41940
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : dovecot vulnerabilities (USN-838-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1459.NASL
    description Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43795
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43795
    title CentOS 4 / 5 : cyrus-imapd (CESA-2009:1459)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_CYRUS-IMAPD-090924.NASL
    description This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42316
    published 2009-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42316
    title openSUSE Security Update : cyrus-imapd (cyrus-imapd-1337)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_CYRUS-IMAPD-090924.NASL
    description This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42314
    published 2009-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42314
    title openSUSE Security Update : cyrus-imapd (cyrus-imapd-1337)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CYRUS-IMAPD-6509.NASL
    description This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 42302
    published 2009-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42302
    title SuSE 10 Security Update : Cyrus IMAPD (ZYPP Patch Number 6509)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CYRUS-IMAPD-6511.NASL
    description This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42322
    published 2009-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42322
    title openSUSE 10 Security Update : cyrus-imapd (cyrus-imapd-6511)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12520.NASL
    description This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 42299
    published 2009-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42299
    title SuSE9 Security Update : Cyrus IMAPD (YOU Patch Number 12520)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-9869.NASL
    description Fixed multiple stack-based buffer overflows in libsieve, which allowed context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-11
    plugin id 41613
    published 2009-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41613
    title Fedora 10 : cyrus-imapd-2.3.15-1.fc10 (2009-9869)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_2.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42434
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42434
    title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-9559.NASL
    description dovecot-sieve updated to 1.1.7. It is derived from CMU sieve used by cyrus-imapd and was affected by CVE-2009-2632 too. See upstream announcement for further details: http://dovecot.org/list/dovecot-news/2009-September/000135.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 40992
    published 2009-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40992
    title Fedora 10 : dovecot-1.1.18-2.fc10 (2009-9559)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1893.NASL
    description It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44758
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44758
    title Debian DSA-1893-1 : cyrus-imapd-2.2 kolab-cyrus-imapd - buffer overflow
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1459.NASL
    description From Red Hat Security Advisory 2009:1459 : Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically.
    last seen 2019-02-21
    modified 2016-05-06
    plugin id 67930
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67930
    title Oracle Linux 4 / 5 : cyrus-imapd (ELSA-2009-1459)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_DOVECOT-091007.NASL
    description This update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42102
    published 2009-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42102
    title openSUSE Security Update : dovecot (dovecot-1366)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-9901.NASL
    description Fixed multiple stack-based buffer overflows in libsieve, which allowed context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-11
    plugin id 41614
    published 2009-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41614
    title Fedora 11 : cyrus-imapd-2.3.15-1.fc11 (2009-9901)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090923_CYRUS_IMAPD_ON_SL4_X.NASL
    description CVE-2009-2632 cyrus-imapd: buffer overflow in cyrus sieve CVE-2009-3235 cyrus-impad: CMU sieve buffer overflows Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) After installing the update, cyrus-imapd will be restarted automatically.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60669
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60669
    title Scientific Linux Security Update : cyrus-imapd on SL4.x, SL5.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-04 (Dovecot: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could exploit these vulnerabilities to cause the remote execution of arbitrary code, or a Denial of Service condition, to conduct directory traversal attacks, corrupt data, or disclose information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56446
    published 2011-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56446
    title GLSA-201110-04 : Dovecot: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CYRUS-IMAPD-6521.NASL
    description This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 49843
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49843
    title SuSE 10 Security Update : Cyrus IMAPD (ZYPP Patch Number 6521)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-242.NASL
    description A vulnerability was discovered and corrected in dovecot : Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632 (CVE-2009-3235). This update provides a solution to this vulnerability.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 41050
    published 2009-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41050
    title Mandriva Linux Security Advisory : dovecot (MDVSA-2009:242)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_CYRUS-IMAPD-090924.NASL
    description This update fixes another buffer overflow in the Sieve code (CVE-2009-3235). This can be exploited by users allowed to use their own sieve scripts to execute arbitrary code remotely. Additionally the handling of long headers was improved.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 42300
    published 2009-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42300
    title SuSE 11 Security Update : Cyrus IMAPD (SAT Patch Number 1335)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1459.NASL
    description Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235) Users of cyrus-imapd are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, cyrus-imapd will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 41065
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41065
    title RHEL 4 / 5 : cyrus-imapd (RHSA-2009:1459)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1892.NASL
    description It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44757
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44757
    title Debian DSA-1892-1 : dovecot - buffer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE_DOVECOT-6539.NASL
    description This update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42104
    published 2009-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42104
    title openSUSE 10 Security Update : dovecot (dovecot-6539)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_DOVECOT-091008.NASL
    description This update of dovecot fixes two buffer overflows in the sieve plug-in (CVE-2009-2632, CVE-2009-3235)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42103
    published 2009-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42103
    title openSUSE Security Update : dovecot (dovecot-1366)
oval via4
accepted 2013-04-29T04:06:20.573-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
family unix
id oval:org.mitre.oval:def:10515
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
version 25
redhat via4
advisories
bugzilla
id 523910
title CVE-2009-3235 cyrus-impad: CMU sieve buffer overflows
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment cyrus-imapd is earlier than 0:2.2.12-10.el4_8.4
          oval oval:com.redhat.rhsa:tst:20091459002
        • comment cyrus-imapd is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116003
      • AND
        • comment cyrus-imapd-devel is earlier than 0:2.2.12-10.el4_8.4
          oval oval:com.redhat.rhsa:tst:20091459012
        • comment cyrus-imapd-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116005
      • AND
        • comment cyrus-imapd-murder is earlier than 0:2.2.12-10.el4_8.4
          oval oval:com.redhat.rhsa:tst:20091459008
        • comment cyrus-imapd-murder is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116007
      • AND
        • comment cyrus-imapd-nntp is earlier than 0:2.2.12-10.el4_8.4
          oval oval:com.redhat.rhsa:tst:20091459010
        • comment cyrus-imapd-nntp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116013
      • AND
        • comment cyrus-imapd-utils is earlier than 0:2.2.12-10.el4_8.4
          oval oval:com.redhat.rhsa:tst:20091459004
        • comment cyrus-imapd-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116011
      • AND
        • comment perl-Cyrus is earlier than 0:2.2.12-10.el4_8.4
          oval oval:com.redhat.rhsa:tst:20091459006
        • comment perl-Cyrus is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091116009
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment cyrus-imapd is earlier than 0:2.3.7-7.el5_4.3
          oval oval:com.redhat.rhsa:tst:20091459015
        • comment cyrus-imapd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091116016
      • AND
        • comment cyrus-imapd-devel is earlier than 0:2.3.7-7.el5_4.3
          oval oval:com.redhat.rhsa:tst:20091459017
        • comment cyrus-imapd-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091116020
      • AND
        • comment cyrus-imapd-perl is earlier than 0:2.3.7-7.el5_4.3
          oval oval:com.redhat.rhsa:tst:20091459021
        • comment cyrus-imapd-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091116022
      • AND
        • comment cyrus-imapd-utils is earlier than 0:2.3.7-7.el5_4.3
          oval oval:com.redhat.rhsa:tst:20091459019
        • comment cyrus-imapd-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091116018
rhsa
id RHSA-2009:1459
released 2009-09-23
severity Important
title RHSA-2009:1459: cyrus-imapd security update (Important)
rpms
  • cyrus-imapd-0:2.2.12-10.el4_8.4
  • cyrus-imapd-devel-0:2.2.12-10.el4_8.4
  • cyrus-imapd-murder-0:2.2.12-10.el4_8.4
  • cyrus-imapd-nntp-0:2.2.12-10.el4_8.4
  • cyrus-imapd-utils-0:2.2.12-10.el4_8.4
  • perl-Cyrus-0:2.2.12-10.el4_8.4
  • cyrus-imapd-0:2.3.7-7.el5_4.3
  • cyrus-imapd-devel-0:2.3.7-7.el5_4.3
  • cyrus-imapd-perl-0:2.3.7-7.el5_4.3
  • cyrus-imapd-utils-0:2.3.7-7.el5_4.3
refmap via4
apple APPLE-SA-2009-11-09-1
bid 36377
confirm http://support.apple.com/kb/HT3937
fedora FEDORA-2009-9559
mlist
  • [Dovecot-news] 20090914 Security holes in CMU Sieve plugin
  • [oss-security] 20090914 Re: CVE for recent cyrus-imap issue
osvdb 58103
secunia
  • 36698
  • 36713
  • 36904
suse
  • SUSE-SR:2009:016
  • SUSE-SR:2009:018
ubuntu USN-838-1
vupen
  • ADV-2009-2641
  • ADV-2009-3184
xf cmu-sieve-dovecot-unspecified-bo(53248)
Last major update 06-07-2013 - 02:41
Published 17-09-2009 - 06:30
Last modified 18-09-2017 - 21:29