Executive Summary
Summary | |
---|---|
Title | New cyrus-imapd packages fix arbitrary code execution |
Informations | |||
---|---|---|---|
Name | DSA-1881 | First vendor Publication | 2009-09-07 |
Vendor | Debian | Last vendor Modification | 2009-09-07 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.4 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof() operator an attacker is able to pass a negative length to snprintf() calls resulting in large positive values due to integer conversion. This causes a buffer overflow which can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. For the oldstable distribution (etch), this problem has been fixed in version 2.2.13-10+etch2. For the stable distribution (lenny), this problem has been fixed in version 2.2.13-14+lenny1. For the testing (squeeze) and unstable (sid) distribution, this problem will be fixed soon. We recommend that you upgrade your cyrus-imapd-2.2 packages. |
Original Source
Url : http://www.debian.org/security/2009/dsa-1881 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10082 | |||
Oval ID: | oval:org.mitre.oval:def:10082 | ||
Title: | Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. | ||
Description: | Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2632 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-16 (Cyrus IMAP Server) File : nvt/glsa_201110_16.nasl |
2011-08-09 | Name : CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386 File : nvt/gb_CESA-2009_1459_cyrus-imapd_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386 File : nvt/gb_CESA-2009_1459_cyrus-imapd_centos5_i386.nasl |
2010-10-19 | Name : Mandriva Update for dovecot MDVSA-2010:196 (dovecot) File : nvt/gb_mandriva_MDVSA_2010_196.nasl |
2010-08-02 | Name : Cyrus IMAP Server SIEVE Script Handling Buffer Overflow Vulnerability File : nvt/secpod_cyrus_imap_server_bof_vuln.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd) File : nvt/mdksa_2009_229_1.nasl |
2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
2009-10-06 | Name : Ubuntu USN-838-1 (dovecot) File : nvt/ubuntu_838_1.nasl |
2009-09-28 | Name : Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd) File : nvt/deb_1893_1.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:242 (dovecot) File : nvt/mdksa_2009_242.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:242-1 (dovecot) File : nvt/mdksa_2009_242_1.nasl |
2009-09-28 | Name : CentOS Security Advisory CESA-2009:1459 (cyrus-imapd) File : nvt/ovcesa2009_1459.nasl |
2009-09-28 | Name : Debian Security Advisory DSA 1892-1 (dovecot) File : nvt/deb_1892_1.nasl |
2009-09-28 | Name : RedHat Security Advisory RHSA-2009:1459 File : nvt/RHSA_2009_1459.nasl |
2009-09-15 | Name : FreeBSD Ports: cyrus-imapd File : nvt/freebsd_cyrus-imapd4.nasl |
2009-09-15 | Name : Fedora Core 10 FEDORA-2009-9559 (dovecot) File : nvt/fcore_2009_9559.nasl |
2009-09-15 | Name : Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd) File : nvt/fcore_2009_9417.nasl |
2009-09-15 | Name : Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd) File : nvt/mdksa_2009_229.nasl |
2009-09-15 | Name : Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2) File : nvt/deb_1881_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57843 | Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Craft... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1459.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090923_cyrus_imapd_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-16.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-196.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1881.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1893.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1892.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1459.nasl - Type : ACT_GATHER_INFO |
2009-10-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_dovecot-091007.nasl - Type : ACT_GATHER_INFO |
2009-10-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_dovecot-091008.nasl - Type : ACT_GATHER_INFO |
2009-10-13 | Name : The remote openSUSE host is missing a security update. File : suse_dovecot-6539.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_cyrus-imapd-6483.nasl - Type : ACT_GATHER_INFO |
2009-09-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-838-1.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1459.nasl - Type : ACT_GATHER_INFO |
2009-09-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-242.nasl - Type : ACT_GATHER_INFO |
2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cyrus-imapd-090908.nasl - Type : ACT_GATHER_INFO |
2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cyrus-imapd-090908.nasl - Type : ACT_GATHER_INFO |
2009-09-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9559.nasl - Type : ACT_GATHER_INFO |
2009-09-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-229.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_012b495c9d5111de8d20001bd3385381.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:28:48 |
|