Oval Definition:oval:org.mitre.oval:def:10082
Revision Date:2013-04-29Version:13
Title:Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
Description:Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-2632
Platform(s):CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • perl-Cyrus is earlier than 0:2.2.12-10.el4_8.4
  • OR cyrus-imapd-devel is earlier than 0:2.2.12-10.el4_8.4
  • OR cyrus-imapd-murder is earlier than 0:2.2.12-10.el4_8.4
  • OR cyrus-imapd-nntp is earlier than 0:2.2.12-10.el4_8.4
  • OR cyrus-imapd is earlier than 0:2.2.12-10.el4_8.4
  • OR cyrus-imapd-utils is earlier than 0:2.2.12-10.el4_8.4
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
  • RHEL5, CentOS5 or Oracle Linux 5
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • OR Oracle Linux 5.x
  • AND Configuration section
  • cyrus-imapd-perl is earlier than 0:2.3.7-7.el5_4.3
  • OR cyrus-imapd-devel is earlier than 0:2.3.7-7.el5_4.3
  • OR cyrus-imapd is earlier than 0:2.3.7-7.el5_4.3
  • OR cyrus-imapd-utils is earlier than 0:2.3.7-7.el5_4.3
    • BACK