7.1 High
AI Score
Confidence
Low
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
9.6%
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
CPE | Name | Operator | Version |
---|---|---|---|
cmu:cyrus_imap_server | cmu cyrus imap server | eq | 2.3.14 |
cmu:cyrus_imap_server | cmu cyrus imap server | eq | 2.2.13 |
dovecot.org/list/dovecot-news/2009-September/000135.html
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
secunia.com/advisories/36629
secunia.com/advisories/36632
secunia.com/advisories/36698
secunia.com/advisories/36713
secunia.com/advisories/36904
support.apple.com/kb/HT4077
www.debian.org/security/2009/dsa-1881
www.openwall.com/lists/oss-security/2009/09/14/3
www.osvdb.org/58103
www.securityfocus.com/bid/36296
www.securityfocus.com/bid/36377
www.ubuntu.com/usn/USN-838-1
www.vupen.com/english/advisories/2009/2559
www.vupen.com/english/advisories/2009/2641
bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail
lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html
lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082
www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html