Vulnerability Name:

CVE-2009-2632 (CCN-53097)

Assigned:2009-09-07
Published:2009-09-07
Updated:2017-09-19
Summary:Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.5 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Project Cyrus Web page
Project Cyrus

Source: MITRE
Type: CNA
CVE-2009-2632

Source: MLIST
Type: UNKNOWN
[Dovecot-news] 20090914 Security holes in CMU Sieve plugin

Source: CCN
Type: Kolab Security Issue 24 20091002
Kolab Server, Cyrus IMAP Server

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-03-29-1

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:016

Source: CCN
Type: RHSA-2009-1459
Important: cyrus-imapd security update

Source: CCN
Type: SA36629
Cyrus IMAP Server Sieve Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
36629

Source: SECUNIA
Type: Vendor Advisory
36632

Source: CCN
Type: SA36698
Dovecot CMU Sieve Plugin Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
36698

Source: SECUNIA
Type: UNKNOWN
36713

Source: SECUNIA
Type: UNKNOWN
36904

Source: CCN
Type: SA36932
Kolab Server Cyrus IMAP Sieve Processing Buffer Overflow

Source: CCN
Type: Apple Web site
About the security content of Security Update 2010-002 / Mac OS X v10.6.3

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4077

Source: DEBIAN
Type: Patch
DSA-1881

Source: DEBIAN
Type: DSA-1881
cyrus-imapd-2.2 -- buffer overflow

Source: DEBIAN
Type: DSA-1892
dovecot -- buffer overflow

Source: DEBIAN
Type: DSA-1893
kolab-cyrus-imapd -- buffer overflow

Source: CCN
Type: Dovecot-news Mailing List, Mon Sep 14 02:56:22 EEST 2009
Security holes in CMU Sieve plugin

Source: CCN
Type: US-CERT VU#336053
Cyrus IMAPd buffer overflow vulnerability

Source: MLIST
Type: UNKNOWN
[oss-security] 20090914 Re: CVE for recent cyrus-imap issue

Source: OSVDB
Type: UNKNOWN
58103

Source: CCN
Type: OSVDB ID: 57843
Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow

Source: CCN
Type: OSVDB ID: 58103
Dovecot CMU Sieve Plugin Script Handling Multiple Overflows

Source: BID
Type: Patch
36296

Source: CCN
Type: BID-36296
Cyrus IMAP Server SIEVE Script Local Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
36377

Source: CCN
Type: BID-36377
Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities

Source: CCN
Type: USN-838-1
Dovecot vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-838-1

Source: CCN
Type: DSA-1881-1
cyrus-imapd-2.2 -- buffer overflow

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-2559

Source: VUPEN
Type: UNKNOWN
ADV-2009-2641

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail

Source: XF
Type: UNKNOWN
cyrus-imap-sieve-bo(53097)

Source: MLIST
Type: UNKNOWN
[Cyrus-CVS] 20090902 src/sieve by brong

Source: MLIST
Type: UNKNOWN
[Cyrus-CVS] 20090902 src/sieve by brong

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10082

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-9559

Source: SUSE
Type: SUSE-SR:2009:016
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cmu:cyrus_imap_server:2.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.14:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cmu:cyrus_imap_server:2.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:cmu:cyrus_imap_server:2.3.14:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20092632
    V
    		CVE-2009-2632
    2017-09-27
    oval:org.mitre.oval:def:28758
    P
    		RHSA-2009:1459 -- cyrus-imapd security update (Important)
    2015-08-17
    oval:org.mitre.oval:def:13646
    P
    		USN-838-1 -- dovecot vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:18608
    P
    		DSA-1892-1 dovecot - arbitrary code execution
    2014-06-23
    oval:org.mitre.oval:def:8390
    P
    		DSA-1892 dovecot -- buffer overflow
    2014-06-23
    oval:org.mitre.oval:def:20174
    P
    		DSA-1893-1 cyrus-imapd-2.2 kolab-cyrus-imapd - arbitrary code execution
    2014-06-23
    oval:org.mitre.oval:def:7879
    P
    		DSA-1893 cyrus-imapd-2.2 kolab-cyrus-imapd -- buffer overflow
    2014-06-23
    oval:org.mitre.oval:def:22982
    P
    		ELSA-2009:1459: cyrus-imapd security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:10082
    V
    		Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
    2013-04-29
    oval:com.redhat.rhsa:def:20091459
    P
    		RHSA-2009:1459: cyrus-imapd security update (Important)
    2009-09-23
    oval:org.debian:def:1892
    V
    		buffer overflow
    2009-09-23
    oval:org.debian:def:1893
    V
    		buffer overflow
    2009-09-23
    BACK
    cmu cyrus imap server 2.2.13
    cmu cyrus imap server 2.3.14
    cmu cyrus imap server 2.2.13
    cmu cyrus imap server 2.3.14
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    mandrakesoft mandrake linux 2008.1
    canonical ubuntu 8.04
    mandriva linux 2009.0
    mandriva linux 2009.0 -
    debian debian linux 5.0
    mandriva linux 2009.1
    mandriva linux 2009.1
    apple mac os x server 10.5.8
    mandriva enterprise server 5
    mandriva enterprise server 5