CVE-2009-2632 Information

Description

Buffer overflow in the SIEVE script component (sieve/script.c) as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script related to the incorrect use of the sizeof operator for determining buffer length combined with an integer signedness error.

Reference

http://dovecot.org/list/dovecot-news/2009-September/000135.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://secunia.com/advisories/36629 http://secunia.com/advisories/36632 http://secunia.com/advisories/36698 http://secunia.com/advisories/36713 http://secunia.com/advisories/36904 http://support.apple.com/kb/HT4077 http://www.debian.org/security/2009/dsa-1881 http://www.openwall.com/lists/oss-security/2009/09/14/3 http://www.osvdb.org/58103 http://www.securityfocus.com/bid/36296 http://www.securityfocus.com/bid/36377 http://www.ubuntu.com/usn/USN-838-1 http://www.vupen.com/english/advisories/2009/2559 http://www.vupen.com/english/advisories/2009/2641 https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10082 https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html