Vulnerability Note VU#336053

Cyrus IMAPd buffer overflow vulnerability

Original Release date: 09 Sep 2009 | Last revised: 11 Sep 2009

Overview

The Cyrus IMAP server contains a vulnerability that may allow an authenticated attacker to execute code.

Description

The Cyrus IMAP mail server supports the SIEVE mail filtering language. Cyrus IMAP versions 2.2 through 2.3.14 contain a buffer overflow vulnerability that may be triggered by a specially crafted SIEVE script. To install this type of script, the attacker would need to have direct access to a mail account on the server.

Impact

An attacker with the ability to install SIEVE scripts may be able to gain elevated privileges and use the new permissions to execute code, read other user's mail, or send spoofed email messages.

Solution

Update

The Cyrus IMAP team has released an update to address this issue. See http://lists.andrew.cmu.edu/pipermail/cyrus-announce/2009-September/000068.html for more information.


Disable SIEVE

Administrators who compile Cyrus IMAP from source can use the --disable-sieve option to mitigate this issue.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Debian GNU/LinuxAffected04 Sep 200910 Sep 2009
SUSE LinuxAffected04 Sep 200910 Sep 2009
The SCO GroupAffected04 Sep 200908 Sep 2009
Slackware Linux Inc.Not Affected04 Sep 200911 Sep 2009
Sun Microsystems, Inc.Not Affected04 Sep 200910 Sep 2009
Apple Inc.Unknown04 Sep 200905 Sep 2009
Conectiva Inc.Unknown04 Sep 200905 Sep 2009
Cray Inc.Unknown04 Sep 200905 Sep 2009
DragonFly BSD ProjectUnknown04 Sep 200905 Sep 2009
EMC CorporationUnknown04 Sep 200905 Sep 2009
Engarde Secure LinuxUnknown04 Sep 200905 Sep 2009
F5 Networks, Inc.Unknown04 Sep 200905 Sep 2009
Fedora ProjectUnknown04 Sep 200905 Sep 2009
FreeBSD, Inc.Unknown04 Sep 200905 Sep 2009
FujitsuUnknown04 Sep 200905 Sep 2009
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to the Cyrus IMAP development team and Bron Gondwana for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2009-2632
  • Date Public: 07 Sep 2009
  • Date First Published: 09 Sep 2009
  • Date Last Updated: 11 Sep 2009
  • Severity Metric: 0.56
  • Document Revision: 18

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.