VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
JVNVU#336053     ( CVE-2009-2632 | VU#336053 )
Cyrus IMAPd にバッファオーバーフローの脆弱性
http://jvn.jp/cert/JVNVU336053/index.html

Cyrus IMAP サーバには、バッファオーバーフローの脆弱性が存在します。




About This Analysis Information
Analysis Information Provider:
 		JPCERT/CC
 		First Published:
 		2009-09-10
Source Information Category:
 		Advisory, Alert
 		Last Updated:
 		2009-09-10




Affected Product Tags
lapt:/a:project_cyrus:cyrus_imapd     (Cyrus IMAPd)
 


Vulnerability Analysis Results
[Information Source Reliability] [?]
Low [?]

Medium [?]
X High [?]
[Impact Level] [?]
Low [?]

Low-Medium [?]
X Medium-High [?]
High [?]
[Access Required] [?]
Physical [?]

Local [?]
Non-routed [?]
X Routed [?]
[Authentication] [?]
Privileged [?]

Standard [?]
X Limited [?]
None or Unnecessary [?]
[User Interaction Required] [?]
Complex [?]

Simple [?]
X None [?]
[Technical Difficulty] [?]
High [?]

Medium-High [?]
X Low-Medium [?]
Low [?]
[Availability of Remediation] [?]
X Official Patch [?]

Official Workaround [?]
Unofficial Patch [?]
None [?]
[Incident Activity] [?]
None [?]

Exploit or PoC [?]
Activity Observed [?]
Alternatives
Common Vulnerabilities and Exposures (CVE) CVE-2009-2632
Buffer overflow in the SIEVE script component (sieve/script.c) incyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local usersto execute arbitrary code and read or modify arbitrary messages via acrafted SIEVE script, related to the incorrect use of the sizeofoperator for determining buffer length, combined with an integersignedness error.




US-CERT Vulnerability Note VU#336053 Cyrus IMAPd buffer overflow vulnerability
The Cyrus IMAP server contains a vulnerability that may allow an authenticated attacker to execute code.








References
Copyright © 2009 JPCERT/CC All Rights Reserved.