PT-2009-5028 · Cyrus+2 · Cyrus Imap+2

Nico Golde · Published 2009-09-08 · Updated 2017-09-19 · CVE-2009-2632

CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

cyrus-imapd versions 2.2.13 through 2.3.14
Dovecot versions 1.0 through 1.0.3
Dovecot versions 1.1 through 1.1.6

Description

A buffer overflow in the SIEVE script component, as used in cyrus-imapd and Dovecot, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script. This issue is related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
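
The bug class named in the description, shown as an added example for reviewers: this is not the cyrus-imapd or Dovecot source, and the function names and sample buffer are hypothetical. It contrasts a length calculation that applies sizeof to a pointer and lets the subtraction wrap with an append routine that takes the capacity explicitly and rejects truncation.

```c
#include <stdio.h>
#include <string.h>

/* Flawed pattern (hypothetical helper): buf is a pointer parameter, so
 * sizeof(buf) is the pointer size (4 or 8), not the caller's array size.
 * Once strlen(buf) exceeds it, the size_t subtraction cannot go negative
 * and wraps to a huge "space left" value that a bounded copy would trust. */
size_t remaining_flawed(const char *buf)
{
    return sizeof(buf) - strlen(buf);
}

/* Hardened append: the capacity is passed in explicitly, the used length
 * is validated before subtracting, and truncation is treated as an error. */
int append_checked(char *buf, size_t cap, const char *src)
{
    const char *end = memchr(buf, '\0', cap);
    if (end == NULL)
        return -1;                      /* not terminated within cap */
    size_t used = (size_t)(end - buf);
    size_t room = cap - used;           /* used < cap, so no wrap */
    int n = snprintf(buf + used, room, "%s", src);
    if (n < 0 || (size_t)n >= room) {
        buf[used] = '\0';               /* undo the partial write */
        return -1;
    }
    return 0;
}

int main(void)
{
    char actions[16] = "0123456789";    /* constructed sample data */
    printf("flawed room: %zu (real room: %zu)\n",
           remaining_flawed(actions), sizeof(actions) - strlen(actions));
    printf("append \"abcde\": %d\n",
           append_checked(actions, sizeof(actions), "abcde"));
    printf("append \"x\":     %d\n",
           append_checked(actions, sizeof(actions), "x"));
    return 0;
}
```

When auditing similar code, look for sizeof applied to a pointer or function parameter in a length argument, and for size arithmetic whose result is never checked against the real capacity.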

Recommendations

For cyrus-imapd versions 2.2.13 through 2.3.14, update to a version that fixes the buffer overflow issue in the SIEVE script component.
For Dovecot versions 1.0 through 1.0.3, update to version 1.0.4 or later.
For Dovecot versions 1.1 through 1.1.6, update to version 1.1.7 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2009-2632
DSA-1881-1
DSA-1892-1
DSA-1893-1
RHSA-2009:1459
RHSA-2009_1459

Affected Products

Dovecot
Red Hat
Cyrus Imap