Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities Network Vulnerability

Summary

This host has Dovecot Sieve Plugin installed and is prone to multiple Buffer Overflow Vulnerabilities

Impact

Successful attack could allow malicious people to crash an affected application or execute arbitrary code. Impact Level: Application

Solution

Apply the patch or upgrade to Dovecot version 1.1.4 or 1.1.7 http://www.dovecot.org/download.html http://hg.dovecot.org/dovecot-sieve-1.1/rev/049f22520628 http://hg.dovecot.org/dovecot-sieve-1.1/rev/4577c4e1130d ***** NOTE: Ignore this warning, if above mentioned patch is already applied. *****

Insight

Multiple buffer overflow errors in the CMU libsieve when processing malicious SIEVE scripts.

Affected

Dovecot versions 1.0 before 1.0.4 and 1.1 before 1.1.7

References

http://www.dovecot.org/list/dovecot-news/2009-September/000135.html
http://www.vupen.com/english/advisories/2009/2641
http://xforce.iss.net/xforce/xfdb/53248

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3235
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache mod_proxy content-length buffer overflow
CA ARCserve Backup Multiple Bufffer Overflow Vulnerabilities
Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability
Bopup Communication Server Remote Buffer Overflow Vulnerability

Take action and discover your vulnerabilities