{"vuid":"VU#336053","idnumber":"336053","name":"Cyrus IMAPd buffer overflow vulnerability","keywords":["Cyrus","IMAPD"],"overview":"The Cyrus IMAP server contains a vulnerability that may allow an authenticated attacker to execute code.","clean_desc":"The Cyrus IMAP mail server supports the SIEVE mail filtering language. Cyrus IMAP versions 2.2 through 2.3.14 contain a buffer overflow vulnerability that may be triggered by a specially crafted SIEVE script. To install this type of script, the attacker would need to have direct access to a mail account on the server.","impact":"An attacker with the ability to install SIEVE scripts may be able to gain elevated privileges and use the new permissions to execute code, read other user's mail, or send spoofed email messages.","resolution":"Update The Cyrus IMAP team has released an update to address this issue. See http://lists.andrew.cmu.edu/pipermail/cyrus-announce/2009-September/000068.html for more information.","workarounds":"Disable SIEVE Administrators who compile Cyrus IMAP from source can use the --disable-sieve option to mitigate this issue.","sysaffected":"","thanks":"Thanks to the Cyrus IMAP development team and Bron Gondwana for information that was used in this report.","author":"This document was written by Ryan Giobbi.","public":["http://lists.andrew.cmu.edu/pipermail/cyrus-announce/2009-September/000068.html","http://cyrusimap.web.cmu.edu/imapd/install-compile.html","http://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)"],"cveids":["CVE-2009-2632"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2009-09-03T13:09:07Z","publicdate":"2009-09-07T00:00:00Z","datefirstpublished":"2009-09-09T18:20:51Z","dateupdated":"2009-09-11T13:15:52Z","revision":18,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"1","cam_impact":"15","cam_easeofexploitation":"15","cam_attackeraccessrequired":"7","cam_scorecurrent":"0.56109375","cam_scorecurrentwidelyknown":"0.70875","cam_scorecurrentwidelyknownexploited":"1.299375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.56109375,"vulnote":null}