Summary
This host has the Dovecot Sieve Plugin installed and is prone to multiple buffer overflow vulnerabilities.
Impact
A successful attack could allow an attacker to crash an affected application or execute arbitrary code.
Impact Level: Application
Solution
Apply the patch or upgrade to Dovecot version 1.1.4 or 1.1.7:
http://www.dovecot.org/download.html
http://hg.dovecot.org/dovecot-sieve-1.1/rev/049f22520628
http://hg.dovecot.org/dovecot-sieve-1.1/rev/4577c4e1130d
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
Multiple buffer overflow errors exist in CMU libsieve when it processes malicious SIEVE scripts.
Affected
Dovecot versions 1.0 before 1.0.4 and 1.1 before 1.1.7
References
Severity
Classification
- CVE: CVE-2009-3235
- CVSS Base Score: 7.5
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache mod_proxy content-length buffer overflow
- CA ARCserve Backup Multiple Buffer Overflow Vulnerabilities
- Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
- DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability
- Bopup Communication Server Remote Buffer Overflow Vulnerability