Debian: DSA-1893-1 Critical: cyrus-imapd Buffer Overflow Issue
debian
September 24, 2009
It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts
Summary
It was discovered that the SIEVE component of cyrus-imapd and
kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer
overflow when processing SIEVE scripts.
This can be used to elevate privileges to the cyrus system user. An
attacker who is able to install SIEVE scripts executed by the server is
therefore able to read and modify arbitrary email messages on the
system. The update introduced by DSA 1881-1 was incomplete and the issue
has been given an additional CVE id due to its complexity.
For the oldstable distribution (etch), this problem has been fixed in
version 2.2.13-10+etch4 for cyrus-imapd-2.2 and version 2.2.13-2+etch2
for kolab-cyrus-imapd.
For the stable distribution (lenny), this problem has been fixed in
version 2.2.13-14+lenny3 for cyrus-imapd-2.2, version 2.2.13-5+lenny2
for kolab-cyrus-imapd.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 2.2.13-15 for cyrus-imapd-2.2,...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Packages: cyrus-imapd-2.2 kolab-cyrus-imapd
CVE ID: CVE-2009-2632 CVE-2009-3235
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!