LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Subject: [Security Announce] [ MDVSA-2009:229 ] cyrus-imapd Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability has been found and corrected in cyrus-imapd: Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error (CVE-2009-2632). This update provides a solution to this vulnerability.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:229
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cyrus-imapd
 Date    : September 11, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in cyrus-imapd:
 
 Buffer overflow in the SIEVE script component (sieve/script.c) in
 cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users
 to execute arbitrary code and read or modify arbitrary messages via
 a crafted SIEVE script, related to the incorrect use of the sizeof
 operator for determining buffer length, combined with an integer
 signedness error (CVE-2009-2632).
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 8cc343d32cbe0bb7498e48c545e43508  2008.1/i586/cyrus-imapd-2.3.11-6.1mdv2008.1.i586.rpm
 7977c0b95053bdcc23cf0272762aae6a  2008.1/i586/cyrus-imapd-devel-2.3.11-6.1mdv2008.1.i586.rpm
 67bbec2bd3009cc6cea47fa4cd48fdbc  2008.1/i586/cyrus-imapd-murder-2.3.11-6.1mdv2008.1.i586.rpm
 c764b6d6b5d1b6c81b0ad496ff546caf  2008.1/i586/cyrus-imapd-nntp-2.3.11-6.1mdv2008.1.i586.rpm
 f146d72d5e0094dae92c5f775445e9b9  2008.1/i586/cyrus-imapd-utils-2.3.11-6.1mdv2008.1.i586.rpm
 69eb50891cbf82c122320a0f619f4cdc  2008.1/i586/perl-Cyrus-2.3.11-6.1mdv2008.1.i586.rpm 
 1ff485cd9434cf4fd67194d6528028b4  2008.1/SRPMS/cyrus-imapd-2.3.11-6.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 010faa01f06afbda030527cd2aa0683c  2008.1/x86_64/cyrus-imapd-2.3.11-6.1mdv2008.1.x86_64.rpm
 10a37e876bef9e2448b839cb4fe1bcfd  2008.1/x86_64/cyrus-imapd-devel-2.3.11-6.1mdv2008.1.x86_64.rpm
 1627455d5048e7e54a08ebaaccd9aa0d  2008.1/x86_64/cyrus-imapd-murder-2.3.11-6.1mdv2008.1.x86_64.rpm
 f5afffe07c9e2d8f9d24e2494904e04e  2008.1/x86_64/cyrus-imapd-nntp-2.3.11-6.1mdv2008.1.x86_64.rpm
 bed786208ab8427d63f1a0f7fae3cfde  2008.1/x86_64/cyrus-imapd-utils-2.3.11-6.1mdv2008.1.x86_64.rpm
 330c2e33be0c0e5cdc305360d5c0a4f7  2008.1/x86_64/perl-Cyrus-2.3.11-6.1mdv2008.1.x86_64.rpm 
 1ff485cd9434cf4fd67194d6528028b4  2008.1/SRPMS/cyrus-imapd-2.3.11-6.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 861b1478ad055a9a6f07eb8967ff547a  2009.0/i586/cyrus-imapd-2.3.12-0.p2.4.1mdv2009.0.i586.rpm
 861c1bfcad95c60c11522e8335295e7a  2009.0/i586/cyrus-imapd-devel-2.3.12-0.p2.4.1mdv2009.0.i586.rpm
 5b0ecc7269cb9b413ef88ea06dc5fe15  2009.0/i586/cyrus-imapd-murder-2.3.12-0.p2.4.1mdv2009.0.i586.rpm
 7849f9bbe45a3057c05104a9a1762474  2009.0/i586/cyrus-imapd-nntp-2.3.12-0.p2.4.1mdv2009.0.i586.rpm
 09c14dd031920d5a8969b70f84fc49a3  2009.0/i586/cyrus-imapd-utils-2.3.12-0.p2.4.1mdv2009.0.i586.rpm
 16972adb346b781505b3f5d3f3c71946  2009.0/i586/perl-Cyrus-2.3.12-0.p2.4.1mdv2009.0.i586.rpm 
 13b073cf3d8941c69f1cbadf23824789  2009.0/SRPMS/cyrus-imapd-2.3.12-0.p2.4.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 95d7b331e1177ade9a191f86c0a0cf79  2009.0/x86_64/cyrus-imapd-2.3.12-0.p2.4.1mdv2009.0.x86_64.rpm
 bd05df88b56999da5c13e8d8792da7b8  2009.0/x86_64/cyrus-imapd-devel-2.3.12-0.p2.4.1mdv2009.0.x86_64.rpm
 4e64259aee697cdaf72cd00e658a8598  2009.0/x86_64/cyrus-imapd-murder-2.3.12-0.p2.4.1mdv2009.0.x86_64.rpm
 72ebe80164830a43ab6bf845809e4d55  2009.0/x86_64/cyrus-imapd-nntp-2.3.12-0.p2.4.1mdv2009.0.x86_64.rpm
 7f4546e7272547df7e652c72b1b105b7  2009.0/x86_64/cyrus-imapd-utils-2.3.12-0.p2.4.1mdv2009.0.x86_64.rpm
 da57e28942a66e52d3e8dfe60bde32a5  2009.0/x86_64/perl-Cyrus-2.3.12-0.p2.4.1mdv2009.0.x86_64.rpm 
 13b073cf3d8941c69f1cbadf23824789  2009.0/SRPMS/cyrus-imapd-2.3.12-0.p2.4.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 58b94016098b3a5364221e39a123c39e  2009.1/i586/cyrus-imapd-2.3.14-1.1mdv2009.1.i586.rpm
 66cd4df4cfa7b18e1c79e0d211fb81aa  2009.1/i586/cyrus-imapd-devel-2.3.14-1.1mdv2009.1.i586.rpm
 0c2e94276c31f2081ad111ab3ceecd29  2009.1/i586/cyrus-imapd-murder-2.3.14-1.1mdv2009.1.i586.rpm
 c73fc447b15a7f4839c39a9771a8ac79  2009.1/i586/cyrus-imapd-nntp-2.3.14-1.1mdv2009.1.i586.rpm
 d507d2b74240e58285e43d77ae2fda6b  2009.1/i586/cyrus-imapd-utils-2.3.14-1.1mdv2009.1.i586.rpm
 517cce2bb7391239c8aecbd8930d1474  2009.1/i586/perl-Cyrus-2.3.14-1.1mdv2009.1.i586.rpm 
 26aaa8d38cc9558e96928c50580246be  2009.1/SRPMS/cyrus-imapd-2.3.14-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 5adbd549a75be7f0652a94a806990908  2009.1/x86_64/cyrus-imapd-2.3.14-1.1mdv2009.1.x86_64.rpm
 abb74664517821be7ed5e1325e525cea  2009.1/x86_64/cyrus-imapd-devel-2.3.14-1.1mdv2009.1.x86_64.rpm
 4bd17d2d9e17d491d72d04810aba8ea2  2009.1/x86_64/cyrus-imapd-murder-2.3.14-1.1mdv2009.1.x86_64.rpm
 936401cb2ac3c86fc442d3188c08c2d1  2009.1/x86_64/cyrus-imapd-nntp-2.3.14-1.1mdv2009.1.x86_64.rpm
 02d16f059dc993326a333292c8d8ad90  2009.1/x86_64/cyrus-imapd-utils-2.3.14-1.1mdv2009.1.x86_64.rpm
 46372b504a0cbe8ebf8698b851b00428  2009.1/x86_64/perl-Cyrus-2.3.14-1.1mdv2009.1.x86_64.rpm 
 26aaa8d38cc9558e96928c50580246be  2009.1/SRPMS/cyrus-imapd-2.3.14-1.1mdv2009.1.src.rpm

 Corporate 3.0:
 5392c40d6c4e1ff9fef3942a83849819  corporate/3.0/i586/cyrus-imapd-2.1.16-5.5.C30mdk.i586.rpm
 a12e7ab3f4028443fc5f996771ee7c2e  corporate/3.0/i586/cyrus-imapd-devel-2.1.16-5.5.C30mdk.i586.rpm
 b094e91d12bd4b61b2d973b31318ce11  corporate/3.0/i586/cyrus-imapd-murder-2.1.16-5.5.C30mdk.i586.rpm
 2cacfb15a7a0d5d8ce882ffe38bb2845  corporate/3.0/i586/cyrus-imapd-utils-2.1.16-5.5.C30mdk.i586.rpm
 63e2dd9ef59ad900d4ee4f9490979666  corporate/3.0/i586/perl-Cyrus-2.1.16-5.5.C30mdk.i586.rpm 
 6f3d1d3b7eeff09edd733ef6942180b7  corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 fe133fa1064adbf1d4607215d4e6bde7  corporate/3.0/x86_64/cyrus-imapd-2.1.16-5.5.C30mdk.x86_64.rpm
 0f1a9956110e84b18e0432b86db1fa5f  corporate/3.0/x86_64/cyrus-imapd-devel-2.1.16-5.5.C30mdk.x86_64.rpm
 15944d1019d0dc511d1224d79434643d  corporate/3.0/x86_64/cyrus-imapd-murder-2.1.16-5.5.C30mdk.x86_64.rpm
 04ca4f4cd2549f4d9e99ee7dbf1074e1  corporate/3.0/x86_64/cyrus-imapd-utils-2.1.16-5.5.C30mdk.x86_64.rpm
 0e0d65fa0c6ab3316481b935469e90f3  corporate/3.0/x86_64/perl-Cyrus-2.1.16-5.5.C30mdk.x86_64.rpm 
 6f3d1d3b7eeff09edd733ef6942180b7  corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.5.C30mdk.src.rpm

 Corporate 4.0:
 4a1f18fc2fc3c8e95b0ebd469b86cdf0  corporate/4.0/i586/cyrus-imapd-2.2.13-2.1.20060mlcs4.i586.rpm
 847bb7ffea3defd4d8806988797873da  corporate/4.0/i586/cyrus-imapd-devel-2.2.13-2.1.20060mlcs4.i586.rpm
 0e1e43933a7bd9fa099dfca49050a5cd  corporate/4.0/i586/cyrus-imapd-murder-2.2.13-2.1.20060mlcs4.i586.rpm
 d38696f97d1d3695e8407ac519f284a5  corporate/4.0/i586/cyrus-imapd-nntp-2.2.13-2.1.20060mlcs4.i586.rpm
 1e532cbedd10498ea758cbeb0efeb64b  corporate/4.0/i586/cyrus-imapd-utils-2.2.13-2.1.20060mlcs4.i586.rpm
 493514aa4f1854419ac68aa57aeab744  corporate/4.0/i586/perl-Cyrus-2.2.13-2.1.20060mlcs4.i586.rpm 
 c42c501087a96d32a7a04133de4d124b  corporate/4.0/SRPMS/cyrus-imapd-2.2.13-2.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 c23a435bfe2e1a8eecc3047f597d7f24  corporate/4.0/x86_64/cyrus-imapd-2.2.13-2.1.20060mlcs4.x86_64.rpm
 69f886a7188731cedf8096456b882bee  corporate/4.0/x86_64/cyrus-imapd-devel-2.2.13-2.1.20060mlcs4.x86_64.rpm
 5b7debfa1e3b4f10885c04867504b076  corporate/4.0/x86_64/cyrus-imapd-murder-2.2.13-2.1.20060mlcs4.x86_64.rpm
 b15a896304a31d56852727b968079b55  corporate/4.0/x86_64/cyrus-imapd-nntp-2.2.13-2.1.20060mlcs4.x86_64.rpm
 5ef8ed1ac2475ac4dcc9fbfec14962dc  corporate/4.0/x86_64/cyrus-imapd-utils-2.2.13-2.1.20060mlcs4.x86_64.rpm
 e270f621bc9da684e2f228d5f29a92e2  corporate/4.0/x86_64/perl-Cyrus-2.2.13-2.1.20060mlcs4.x86_64.rpm 
 c42c501087a96d32a7a04133de4d124b  corporate/4.0/SRPMS/cyrus-imapd-2.2.13-2.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 3a96ff490d8c1ead6e799ec584122b85  mes5/i586/cyrus-imapd-2.3.12-0.p2.4.1mdvmes5.i586.rpm
 0de835b2fcbd5c83ad719d9c4ae9a1b5  mes5/i586/cyrus-imapd-devel-2.3.12-0.p2.4.1mdvmes5.i586.rpm
 098fcd5a79b3d01f5c9508de02c5e88f  mes5/i586/cyrus-imapd-murder-2.3.12-0.p2.4.1mdvmes5.i586.rpm
 8b45205d98b9e2d46851fd297ff4ddd0  mes5/i586/cyrus-imapd-nntp-2.3.12-0.p2.4.1mdvmes5.i586.rpm
 295f60bf9ffd1784c69354e6e7f84eec  mes5/i586/cyrus-imapd-utils-2.3.12-0.p2.4.1mdvmes5.i586.rpm
 8bd1ee3f655b3c9ac6d98fd1fb275233  mes5/i586/perl-Cyrus-2.3.12-0.p2.4.1mdvmes5.i586.rpm 
 18628bdcef4ce4455a2a8b7b99dfc708  mes5/SRPMS/cyrus-imapd-2.3.12-0.p2.4.1mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 cef42fadc6708bc6957d0da5979d85c9  mes5/x86_64/cyrus-imapd-2.3.12-0.p2.4.1mdvmes5.x86_64.rpm
 12b66e5f5b24f93f47a18d12e973c1f9  mes5/x86_64/cyrus-imapd-devel-2.3.12-0.p2.4.1mdvmes5.x86_64.rpm
 842c4d08f4526361cca8c97adb04883a  mes5/x86_64/cyrus-imapd-murder-2.3.12-0.p2.4.1mdvmes5.x86_64.rpm
 ea008e3bd31062c8cf17444a03a37945  mes5/x86_64/cyrus-imapd-nntp-2.3.12-0.p2.4.1mdvmes5.x86_64.rpm
 d002a9fc9e2090eaebfd100c8f1e89d5  mes5/x86_64/cyrus-imapd-utils-2.3.12-0.p2.4.1mdvmes5.x86_64.rpm
 785d0137bb6836b257cd5293f33f7b72  mes5/x86_64/perl-Cyrus-2.3.12-0.p2.4.1mdvmes5.x86_64.rpm 
 18628bdcef4ce4455a2a8b7b99dfc708  mes5/SRPMS/cyrus-imapd-2.3.12-0.p2.4.1mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.