exploitDog

CVE-2009-3235

Published: 14 Sep 2009
Source: redhat
CVSS2: 6.5
EPSS: Low

Description

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.

Mitigation

All these additional overflows are sprintf()s to static char buffers. On Red Hat Enterprise Linux 5 and later (including all current Fedora versions), these overflows are caught by FORTIFY_SOURCE, reducing the impact to a controlled abort of one of the cyrus-imapd child processes that are later re-spawned by the master.

Additional information

Status: Important
Defect: CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=523910 cyrus-impad: CMU sieve buffer overflows

EPSS

Percentile: 86%
0.02957
Low

6.5 Medium

CVSS2

Related vulnerabilities

ubuntu
almost 16 years ago

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.

nvd
almost 16 years ago

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.

debian
almost 16 years ago

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1 ...

github
about 3 years ago

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.

oracle-oval
more than 15 years ago

ELSA-2009-1459: cyrus-imapd security update (IMPORTANT)
