DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.">

Oval Definition:	oval:org.mitre.oval:def:20174
Revision Date: 2014-06-23 Version: 6 Title: DSA-1893-1 cyrus-imapd-2.2 kolab-cyrus-imapd - arbitrary code execution Description: It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2009-2632 CVE-2009-3235 DSA-1893-1 Platform(s): Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 Product(s): cyrus-imapd-2.2 kolab-cyrus-imapd Definition Synopsis Release section Debian GNU/Linux 4.0 is installed. AND Packages match section cyrus-imapd-2.2 DPKG is earlier than 0:2.2.13-10+etch4 OR kolab-cyrus-imapd DPKG is earlier than 0:2.2.13-2+etch2 Release section Debian GNU/Linux 5.0 is installed AND Packages match section cyrus-imapd-2.2 DPKG is earlier than 0:2.2.13-14+lenny3 OR kolab-cyrus-imapd DPKG is earlier than 0:2.2.13-5+lenny2
BACK