7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
cyrus-imapd is vulnerable to arbitrary code execution. The vulnerability exists as an authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user.
dovecot.org/list/dovecot-news/2009-September/000135.html
lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
secunia.com/advisories/36698
secunia.com/advisories/36713
secunia.com/advisories/36904
support.apple.com/kb/HT3937
www.openwall.com/lists/oss-security/2009/09/14/3
www.osvdb.org/58103
www.redhat.com/security/updates/classification/#important
www.securityfocus.com/bid/36377
www.ubuntu.com/usn/USN-838-1
www.vupen.com/english/advisories/2009/2641
www.vupen.com/english/advisories/2009/3184
access.redhat.com/errata/RHSA-2009:1459
exchange.xforce.ibmcloud.com/vulnerabilities/53248
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10515
www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html