Cyrus IMAP Server SIEVE Script Handling Buffer Overflow Vulnerability

Summary
This host is running Cyrus IMAP Server and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation will allow attackers to crash an affected server or execute arbitrary code via a malicious SIEVE script.
Impact Level: Application
Solution
Apply the patches or upgrade to the latest version:
http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.67&r2=1.68
http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail
NOTE: Ignore this warning if the above-mentioned patch is already applied.
Insight
The flaw is due to an error in the handling of SIEVE scripts, which fails to perform adequate boundary checks on user-supplied data.
Affected
Cyrus IMAP Server versions 2.3.14 and prior.
References