Oval Definition:oval:org.mitre.oval:def:7879
Revision Date:2014-06-23Version:18
Title:DSA-1893 cyrus-imapd-2.2 kolab-cyrus-imapd -- buffer overflow
Description:It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-2632
CVE-2009-3235
DSA-1893
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):cyrus-imapd-2.2
kolab-cyrus-imapd
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • cyrus-doc-2.2 is earlier than 2.2.13-14+lenny3
  • OR kolab-cyrus-admin is earlier than 2.2.13-5+lenny2
  • OR cyrus-admin-2.2 is earlier than 2.2.13-14+lenny3
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • cyrus-clients-2.2 is earlier than 2.2.13-14+lenny3
  • OR kolab-libcyrus-imap-perl is earlier than 2.2.13-5+lenny2
  • OR kolab-cyrus-common is earlier than 2.2.13-5+lenny2
  • OR cyrus-nntpd-2.2 is earlier than 2.2.13-14+lenny3
  • OR cyrus-imapd-2.2 is earlier than 2.2.13-14+lenny3
  • OR kolab-cyrus-imapd is earlier than 2.2.13-5+lenny2
  • OR cyrus-dev-2.2 is earlier than 2.2.13-14+lenny3
  • OR cyrus-pop3d-2.2 is earlier than 2.2.13-14+lenny3
  • OR cyrus-common-2.2 is earlier than 2.2.13-14+lenny3
  • OR libcyrus-imap-perl22 is earlier than 2.2.13-14+lenny3
  • OR kolab-cyrus-pop3d is earlier than 2.2.13-5+lenny2
  • OR kolab-cyrus-clients is earlier than 2.2.13-5+lenny2
  • OR cyrus-murder-2.2 is earlier than 2.2.13-14+lenny3
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • cyrus-doc-2.2 is earlier than 2.2.13-10+etch4
  • OR kolab-cyrus-admin is earlier than 2.2.13-2+etch2
  • OR cyrus-admin-2.2 is earlier than 2.2.13-10+etch4
  • OR cyrus-clients-2.2 is earlier than 2.2.13-10+etch4
  • OR cyrus-nntpd-2.2 is earlier than 2.2.13-10+etch4
  • OR cyrus-imapd-2.2 is earlier than 2.2.13-10+etch4
  • OR cyrus-dev-2.2 is earlier than 2.2.13-10+etch4
  • OR cyrus-pop3d-2.2 is earlier than 2.2.13-10+etch4
  • OR cyrus-common-2.2 is earlier than 2.2.13-10+etch4
  • OR libcyrus-imap-perl22 is earlier than 2.2.13-10+etch4
  • OR cyrus-murder-2.2 is earlier than 2.2.13-10+etch4
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is sparc
  • OR Installed architecture is powerpc
  • OR Installed architecture is hppa
  • OR Installed architecture is i386
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is mipsel
  • OR Installed architecture is arm
  • AND Packages section
  • kolab-libcyrus-imap-perl is earlier than 2.2.13-2+etch2
  • OR kolab-cyrus-pop3d is earlier than 2.2.13-2+etch2
  • OR kolab-cyrus-clients is earlier than 2.2.13-2+etch2
  • OR kolab-cyrus-common is earlier than 2.2.13-2+etch2
  • OR kolab-cyrus-imapd is earlier than 2.2.13-2+etch2
    • BACK