Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for cyrus_imap_server by cmu

    CVE-2011-3481 (GCVE-0-2011-3481)

    Vulnerability from nvd – Published: 2011-09-14 17:00 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-09-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:47.758Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772"
              },
              {
                "name": "cyrus-imap-indexgetids-dos(69842)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69842"
              },
              {
                "name": "RHSA-2011:1508",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html"
              },
              {
                "name": "MDVSA-2012:037",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:037"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-09-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-28T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772"
            },
            {
              "name": "cyrus-imap-indexgetids-dos(69842)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69842"
            },
            {
              "name": "RHSA-2011:1508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html"
            },
            {
              "name": "MDVSA-2012:037",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:037"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5",
                  "refsource": "CONFIRM",
                  "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5"
                },
                {
                  "name": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463",
                  "refsource": "CONFIRM",
                  "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463"
                },
                {
                  "name": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772",
                  "refsource": "CONFIRM",
                  "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772"
                },
                {
                  "name": "cyrus-imap-indexgetids-dos(69842)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69842"
                },
                {
                  "name": "RHSA-2011:1508",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html"
                },
                {
                  "name": "MDVSA-2012:037",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:037"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3481",
        "datePublished": "2011-09-14T17:00:00.000Z",
        "dateReserved": "2011-09-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:47.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3208 (GCVE-0-2011-3208)

    Vulnerability from nvd – Published: 2011-09-14 17:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://hermes.opensuse.org/messages/11723935 vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/46064 third-party-advisoryx_refsource_SECUNIA
    http://git.cyrusimap.org/cyrus-imapd/commit/?id=3… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/49534 vdb-entryx_refsource_BID
    http://www.osvdb.org/75307 vdb-entryx_refsource_OSVDB
    http://lists.opensuse.org/opensuse-updates/2011-0… vendor-advisoryx_refsource_SUSE
    http://asg.andrew.cmu.edu/archive/message.php?mai… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/45975 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://asg.andrew.cmu.edu/archive/message.php?mai… mailing-listx_refsource_MLIST
    http://www.redhat.com/support/errata/RHSA-2011-13… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/45938 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://bugzilla.redhat.com/show_bug.cgi?id=734926 x_refsource_CONFIRM
    http://www.debian.org/security/2011/dsa-2318 vendor-advisoryx_refsource_DEBIAN
    http://git.cyrusimap.org/cyrus-imapd/commit/?id=0… x_refsource_CONFIRM
    http://securitytracker.com/id?1026031 vdb-entryx_refsource_SECTRACK
    Date Public
    2011-09-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:56.064Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2011:1034",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/11723935"
              },
              {
                "name": "46064",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46064"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd"
              },
              {
                "name": "49534",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49534"
              },
              {
                "name": "75307",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/75307"
              },
              {
                "name": "openSUSE-SU-2011:1036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html"
              },
              {
                "name": "[cyrus-announce] 20110908 Cyrus 2.4.11 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=200"
              },
              {
                "name": "45975",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45975"
              },
              {
                "name": "cyrus-splitwildmats-bo(69679)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69679"
              },
              {
                "name": "[cyrus-announce] 20110908 Cyrus 2.3.17 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=199"
              },
              {
                "name": "RHSA-2011:1317",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1317.html"
              },
              {
                "name": "45938",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45938"
              },
              {
                "name": "MDVSA-2011:149",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=734926"
              },
              {
                "name": "DSA-2318",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2318"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d"
              },
              {
                "name": "1026031",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1026031"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-09-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "SUSE-SU-2011:1034",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/11723935"
            },
            {
              "name": "46064",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46064"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd"
            },
            {
              "name": "49534",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49534"
            },
            {
              "name": "75307",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/75307"
            },
            {
              "name": "openSUSE-SU-2011:1036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html"
            },
            {
              "name": "[cyrus-announce] 20110908 Cyrus 2.4.11 Released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=200"
            },
            {
              "name": "45975",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45975"
            },
            {
              "name": "cyrus-splitwildmats-bo(69679)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69679"
            },
            {
              "name": "[cyrus-announce] 20110908 Cyrus 2.3.17 Released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=199"
            },
            {
              "name": "RHSA-2011:1317",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1317.html"
            },
            {
              "name": "45938",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45938"
            },
            {
              "name": "MDVSA-2011:149",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=734926"
            },
            {
              "name": "DSA-2318",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2318"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d"
            },
            {
              "name": "1026031",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1026031"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3208",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2011:1034",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/11723935"
                },
                {
                  "name": "46064",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/46064"
                },
                {
                  "name": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd",
                  "refsource": "CONFIRM",
                  "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd"
                },
                {
                  "name": "49534",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/49534"
                },
                {
                  "name": "75307",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/75307"
                },
                {
                  "name": "openSUSE-SU-2011:1036",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html"
                },
                {
                  "name": "[cyrus-announce] 20110908 Cyrus 2.4.11 Released",
                  "refsource": "MLIST",
                  "url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=200"
                },
                {
                  "name": "45975",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/45975"
                },
                {
                  "name": "cyrus-splitwildmats-bo(69679)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69679"
                },
                {
                  "name": "[cyrus-announce] 20110908 Cyrus 2.3.17 Released",
                  "refsource": "MLIST",
                  "url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=199"
                },
                {
                  "name": "RHSA-2011:1317",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1317.html"
                },
                {
                  "name": "45938",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/45938"
                },
                {
                  "name": "MDVSA-2011:149",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=734926",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=734926"
                },
                {
                  "name": "DSA-2318",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2318"
                },
                {
                  "name": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d",
                  "refsource": "CONFIRM",
                  "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d"
                },
                {
                  "name": "1026031",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1026031"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3208",
        "datePublished": "2011-09-14T17:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:56.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1926 (GCVE-0-2011-1926)

    Vulnerability from nvd – Published: 2011-05-23 22:00 – Updated: 2024-08-06 22:46
    VLAI
    Summary
    The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.redhat.com/support/errata/RHSA-2011-08… vendor-advisoryx_refsource_REDHAT
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.debian.org/security/2011/dsa-2258 vendor-advisoryx_refsource_DEBIAN
    http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/c… x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securitytracker.com/id?1025625 vdb-entryx_refsource_SECTRACK
    http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423 x_refsource_CONFIRM
    http://www.debian.org/security/2011/dsa-2242 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/44876 third-party-advisoryx_refsource_SECUNIA
    http://openwall.com/lists/oss-security/2011/05/17/2 mailing-listx_refsource_MLIST
    http://www.kb.cert.org/vuls/id/555316 third-party-advisoryx_refsource_CERT-VN
    http://secunia.com/advisories/44928 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/44913 third-party-advisoryx_refsource_SECUNIA
    http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424 x_refsource_CONFIRM
    http://secunia.com/advisories/44670 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.redhat.com/show_bug.cgi?id=705288 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://git.cyrusimap.org/cyrus-imapd/patch/?id=52… x_refsource_CONFIRM
    http://openwall.com/lists/oss-security/2011/05/17/15 mailing-listx_refsource_MLIST
    Date Public
    2011-03-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:46:00.659Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2011:0859",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0859.html"
              },
              {
                "name": "FEDORA-2011-7217",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html"
              },
              {
                "name": "DSA-2258",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2258"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php"
              },
              {
                "name": "MDVSA-2011:100",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:100"
              },
              {
                "name": "FEDORA-2011-7193",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html"
              },
              {
                "name": "1025625",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1025625"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423"
              },
              {
                "name": "DSA-2242",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2242"
              },
              {
                "name": "44876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44876"
              },
              {
                "name": "[oss-security] 20110517 CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/05/17/2"
              },
              {
                "name": "VU#555316",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/555316"
              },
              {
                "name": "44928",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44928"
              },
              {
                "name": "44913",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44913"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424"
              },
              {
                "name": "44670",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44670"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705288"
              },
              {
                "name": "cyrus-starttls-command-exec(67867)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67867"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162"
              },
              {
                "name": "[oss-security] 20110517 Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/05/17/15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2011:0859",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0859.html"
            },
            {
              "name": "FEDORA-2011-7217",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html"
            },
            {
              "name": "DSA-2258",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2258"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php"
            },
            {
              "name": "MDVSA-2011:100",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:100"
            },
            {
              "name": "FEDORA-2011-7193",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html"
            },
            {
              "name": "1025625",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1025625"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423"
            },
            {
              "name": "DSA-2242",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2242"
            },
            {
              "name": "44876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44876"
            },
            {
              "name": "[oss-security] 20110517 CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/05/17/2"
            },
            {
              "name": "VU#555316",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/555316"
            },
            {
              "name": "44928",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44928"
            },
            {
              "name": "44913",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44913"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424"
            },
            {
              "name": "44670",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44670"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705288"
            },
            {
              "name": "cyrus-starttls-command-exec(67867)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67867"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162"
            },
            {
              "name": "[oss-security] 20110517 Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/05/17/15"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-1926",
        "datePublished": "2011-05-23T22:00:00.000Z",
        "dateReserved": "2011-05-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:46:00.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2632 (GCVE-0-2009-2632)

    Vulnerability from nvd – Published: 2009-09-08 23:00 – Updated: 2024-08-07 05:59
    VLAI
    Summary
    Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/36377 vdb-entryx_refsource_BID
    http://www.debian.org/security/2009/dsa-1881 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/36713 third-party-advisoryx_refsource_SECUNIA
    https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/36629 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cg… x_refsource_CONFIRM
    http://dovecot.org/list/dovecot-news/2009-Septemb… mailing-listx_refsource_MLIST
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/36632 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-838-1 vendor-advisoryx_refsource_UBUNTU
    http://www.osvdb.org/58103 vdb-entryx_refsource_OSVDB
    http://support.apple.com/kb/HT4077 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/36904 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36698 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/36296 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2009/2641 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2009/2559 vdb-entryx_refsource_VUPEN
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.openwall.com/lists/oss-security/2009/09/14/3 mailing-listx_refsource_MLIST
    Date Public
    2009-09-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:56.175Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36377",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36377"
              },
              {
                "name": "DSA-1881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1881"
              },
              {
                "name": "36713",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36713"
              },
              {
                "name": "[Cyrus-CVS] 20090902 src/sieve by brong",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html"
              },
              {
                "name": "36629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36629"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62\u0026r2=1.62.2.1\u0026only_with_tag=cyrus-imapd-2_2-tail"
              },
              {
                "name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html"
              },
              {
                "name": "APPLE-SA-2010-03-29-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
              },
              {
                "name": "[Cyrus-CVS] 20090902 src/sieve by brong",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html"
              },
              {
                "name": "36632",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36632"
              },
              {
                "name": "USN-838-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-838-1"
              },
              {
                "name": "58103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/58103"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4077"
              },
              {
                "name": "SUSE-SR:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
              },
              {
                "name": "36904",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36904"
              },
              {
                "name": "36698",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36698"
              },
              {
                "name": "36296",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36296"
              },
              {
                "name": "ADV-2009-2641",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2641"
              },
              {
                "name": "ADV-2009-2559",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2559"
              },
              {
                "name": "FEDORA-2009-9559",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10082",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082"
              },
              {
                "name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/09/14/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "36377",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36377"
            },
            {
              "name": "DSA-1881",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1881"
            },
            {
              "name": "36713",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36713"
            },
            {
              "name": "[Cyrus-CVS] 20090902 src/sieve by brong",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html"
            },
            {
              "name": "36629",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36629"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62\u0026r2=1.62.2.1\u0026only_with_tag=cyrus-imapd-2_2-tail"
            },
            {
              "name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "[Cyrus-CVS] 20090902 src/sieve by brong",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html"
            },
            {
              "name": "36632",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36632"
            },
            {
              "name": "USN-838-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-838-1"
            },
            {
              "name": "58103",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/58103"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "name": "SUSE-SR:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
            },
            {
              "name": "36904",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36904"
            },
            {
              "name": "36698",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36698"
            },
            {
              "name": "36296",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36296"
            },
            {
              "name": "ADV-2009-2641",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2641"
            },
            {
              "name": "ADV-2009-2559",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2559"
            },
            {
              "name": "FEDORA-2009-9559",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10082",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082"
            },
            {
              "name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/09/14/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2009-2632",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36377",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36377"
                },
                {
                  "name": "DSA-1881",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1881"
                },
                {
                  "name": "36713",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36713"
                },
                {
                  "name": "[Cyrus-CVS] 20090902 src/sieve by brong",
                  "refsource": "MLIST",
                  "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html"
                },
                {
                  "name": "36629",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36629"
                },
                {
                  "name": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62\u0026r2=1.62.2.1\u0026only_with_tag=cyrus-imapd-2_2-tail",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62\u0026r2=1.62.2.1\u0026only_with_tag=cyrus-imapd-2_2-tail"
                },
                {
                  "name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin",
                  "refsource": "MLIST",
                  "url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html"
                },
                {
                  "name": "APPLE-SA-2010-03-29-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
                },
                {
                  "name": "[Cyrus-CVS] 20090902 src/sieve by brong",
                  "refsource": "MLIST",
                  "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html"
                },
                {
                  "name": "36632",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36632"
                },
                {
                  "name": "USN-838-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-838-1"
                },
                {
                  "name": "58103",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/58103"
                },
                {
                  "name": "http://support.apple.com/kb/HT4077",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4077"
                },
                {
                  "name": "SUSE-SR:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
                },
                {
                  "name": "36904",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36904"
                },
                {
                  "name": "36698",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36698"
                },
                {
                  "name": "36296",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36296"
                },
                {
                  "name": "ADV-2009-2641",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2641"
                },
                {
                  "name": "ADV-2009-2559",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2559"
                },
                {
                  "name": "FEDORA-2009-9559",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:10082",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082"
                },
                {
                  "name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/09/14/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2009-2632",
        "datePublished": "2009-09-08T23:00:00.000Z",
        "dateReserved": "2009-07-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:59:56.175Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3481 (GCVE-0-2011-3481)

    Vulnerability from cvelistv5 – Published: 2011-09-14 17:00 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-09-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:47.758Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772"
              },
              {
                "name": "cyrus-imap-indexgetids-dos(69842)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69842"
              },
              {
                "name": "RHSA-2011:1508",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html"
              },
              {
                "name": "MDVSA-2012:037",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:037"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-09-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-28T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772"
            },
            {
              "name": "cyrus-imap-indexgetids-dos(69842)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69842"
            },
            {
              "name": "RHSA-2011:1508",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html"
            },
            {
              "name": "MDVSA-2012:037",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:037"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5",
                  "refsource": "CONFIRM",
                  "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5"
                },
                {
                  "name": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463",
                  "refsource": "CONFIRM",
                  "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463"
                },
                {
                  "name": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772",
                  "refsource": "CONFIRM",
                  "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772"
                },
                {
                  "name": "cyrus-imap-indexgetids-dos(69842)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69842"
                },
                {
                  "name": "RHSA-2011:1508",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html"
                },
                {
                  "name": "MDVSA-2012:037",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:037"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3481",
        "datePublished": "2011-09-14T17:00:00.000Z",
        "dateReserved": "2011-09-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:47.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3208 (GCVE-0-2011-3208)

    Vulnerability from cvelistv5 – Published: 2011-09-14 17:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://hermes.opensuse.org/messages/11723935 vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/46064 third-party-advisoryx_refsource_SECUNIA
    http://git.cyrusimap.org/cyrus-imapd/commit/?id=3… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/49534 vdb-entryx_refsource_BID
    http://www.osvdb.org/75307 vdb-entryx_refsource_OSVDB
    http://lists.opensuse.org/opensuse-updates/2011-0… vendor-advisoryx_refsource_SUSE
    http://asg.andrew.cmu.edu/archive/message.php?mai… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/45975 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://asg.andrew.cmu.edu/archive/message.php?mai… mailing-listx_refsource_MLIST
    http://www.redhat.com/support/errata/RHSA-2011-13… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/45938 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://bugzilla.redhat.com/show_bug.cgi?id=734926 x_refsource_CONFIRM
    http://www.debian.org/security/2011/dsa-2318 vendor-advisoryx_refsource_DEBIAN
    http://git.cyrusimap.org/cyrus-imapd/commit/?id=0… x_refsource_CONFIRM
    http://securitytracker.com/id?1026031 vdb-entryx_refsource_SECTRACK
    Date Public
    2011-09-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:56.064Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2011:1034",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/11723935"
              },
              {
                "name": "46064",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46064"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd"
              },
              {
                "name": "49534",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49534"
              },
              {
                "name": "75307",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/75307"
              },
              {
                "name": "openSUSE-SU-2011:1036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html"
              },
              {
                "name": "[cyrus-announce] 20110908 Cyrus 2.4.11 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=200"
              },
              {
                "name": "45975",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45975"
              },
              {
                "name": "cyrus-splitwildmats-bo(69679)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69679"
              },
              {
                "name": "[cyrus-announce] 20110908 Cyrus 2.3.17 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=199"
              },
              {
                "name": "RHSA-2011:1317",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1317.html"
              },
              {
                "name": "45938",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/45938"
              },
              {
                "name": "MDVSA-2011:149",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=734926"
              },
              {
                "name": "DSA-2318",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2318"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d"
              },
              {
                "name": "1026031",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1026031"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-09-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "SUSE-SU-2011:1034",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/11723935"
            },
            {
              "name": "46064",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46064"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd"
            },
            {
              "name": "49534",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49534"
            },
            {
              "name": "75307",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/75307"
            },
            {
              "name": "openSUSE-SU-2011:1036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html"
            },
            {
              "name": "[cyrus-announce] 20110908 Cyrus 2.4.11 Released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=200"
            },
            {
              "name": "45975",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45975"
            },
            {
              "name": "cyrus-splitwildmats-bo(69679)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69679"
            },
            {
              "name": "[cyrus-announce] 20110908 Cyrus 2.3.17 Released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=199"
            },
            {
              "name": "RHSA-2011:1317",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1317.html"
            },
            {
              "name": "45938",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/45938"
            },
            {
              "name": "MDVSA-2011:149",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=734926"
            },
            {
              "name": "DSA-2318",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2318"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d"
            },
            {
              "name": "1026031",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1026031"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3208",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2011:1034",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/11723935"
                },
                {
                  "name": "46064",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/46064"
                },
                {
                  "name": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd",
                  "refsource": "CONFIRM",
                  "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd"
                },
                {
                  "name": "49534",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/49534"
                },
                {
                  "name": "75307",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/75307"
                },
                {
                  "name": "openSUSE-SU-2011:1036",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html"
                },
                {
                  "name": "[cyrus-announce] 20110908 Cyrus 2.4.11 Released",
                  "refsource": "MLIST",
                  "url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=200"
                },
                {
                  "name": "45975",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/45975"
                },
                {
                  "name": "cyrus-splitwildmats-bo(69679)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69679"
                },
                {
                  "name": "[cyrus-announce] 20110908 Cyrus 2.3.17 Released",
                  "refsource": "MLIST",
                  "url": "http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=199"
                },
                {
                  "name": "RHSA-2011:1317",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-1317.html"
                },
                {
                  "name": "45938",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/45938"
                },
                {
                  "name": "MDVSA-2011:149",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=734926",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=734926"
                },
                {
                  "name": "DSA-2318",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2318"
                },
                {
                  "name": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d",
                  "refsource": "CONFIRM",
                  "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d"
                },
                {
                  "name": "1026031",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1026031"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3208",
        "datePublished": "2011-09-14T17:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:56.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1926 (GCVE-0-2011-1926)

    Vulnerability from cvelistv5 – Published: 2011-05-23 22:00 – Updated: 2024-08-06 22:46
    VLAI
    Summary
    The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.redhat.com/support/errata/RHSA-2011-08… vendor-advisoryx_refsource_REDHAT
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.debian.org/security/2011/dsa-2258 vendor-advisoryx_refsource_DEBIAN
    http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/c… x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.securitytracker.com/id?1025625 vdb-entryx_refsource_SECTRACK
    http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423 x_refsource_CONFIRM
    http://www.debian.org/security/2011/dsa-2242 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/44876 third-party-advisoryx_refsource_SECUNIA
    http://openwall.com/lists/oss-security/2011/05/17/2 mailing-listx_refsource_MLIST
    http://www.kb.cert.org/vuls/id/555316 third-party-advisoryx_refsource_CERT-VN
    http://secunia.com/advisories/44928 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/44913 third-party-advisoryx_refsource_SECUNIA
    http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424 x_refsource_CONFIRM
    http://secunia.com/advisories/44670 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.redhat.com/show_bug.cgi?id=705288 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://git.cyrusimap.org/cyrus-imapd/patch/?id=52… x_refsource_CONFIRM
    http://openwall.com/lists/oss-security/2011/05/17/15 mailing-listx_refsource_MLIST
    Date Public
    2011-03-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:46:00.659Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2011:0859",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0859.html"
              },
              {
                "name": "FEDORA-2011-7217",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html"
              },
              {
                "name": "DSA-2258",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2258"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php"
              },
              {
                "name": "MDVSA-2011:100",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:100"
              },
              {
                "name": "FEDORA-2011-7193",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html"
              },
              {
                "name": "1025625",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1025625"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423"
              },
              {
                "name": "DSA-2242",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2242"
              },
              {
                "name": "44876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44876"
              },
              {
                "name": "[oss-security] 20110517 CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/05/17/2"
              },
              {
                "name": "VU#555316",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/555316"
              },
              {
                "name": "44928",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44928"
              },
              {
                "name": "44913",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44913"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424"
              },
              {
                "name": "44670",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44670"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705288"
              },
              {
                "name": "cyrus-starttls-command-exec(67867)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67867"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162"
              },
              {
                "name": "[oss-security] 20110517 Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/05/17/15"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2011:0859",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0859.html"
            },
            {
              "name": "FEDORA-2011-7217",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html"
            },
            {
              "name": "DSA-2258",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2258"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cyrusimap.org/docs/cyrus-imapd/2.4.7/changes.php"
            },
            {
              "name": "MDVSA-2011:100",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:100"
            },
            {
              "name": "FEDORA-2011-7193",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html"
            },
            {
              "name": "1025625",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1025625"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3423"
            },
            {
              "name": "DSA-2242",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2242"
            },
            {
              "name": "44876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44876"
            },
            {
              "name": "[oss-security] 20110517 CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/05/17/2"
            },
            {
              "name": "VU#555316",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/555316"
            },
            {
              "name": "44928",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44928"
            },
            {
              "name": "44913",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44913"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424"
            },
            {
              "name": "44670",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44670"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705288"
            },
            {
              "name": "cyrus-starttls-command-exec(67867)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67867"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.cyrusimap.org/cyrus-imapd/patch/?id=523a91a5e86c8b9a27a138f04a3e3f2d8786f162"
            },
            {
              "name": "[oss-security] 20110517 Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: pure-ftpd STARTTLS command injection / new CVE?]",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/05/17/15"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-1926",
        "datePublished": "2011-05-23T22:00:00.000Z",
        "dateReserved": "2011-05-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:46:00.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2632 (GCVE-0-2009-2632)

    Vulnerability from cvelistv5 – Published: 2009-09-08 23:00 – Updated: 2024-08-07 05:59
    VLAI
    Summary
    Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/36377 vdb-entryx_refsource_BID
    http://www.debian.org/security/2009/dsa-1881 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/36713 third-party-advisoryx_refsource_SECUNIA
    https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/36629 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cg… x_refsource_CONFIRM
    http://dovecot.org/list/dovecot-news/2009-Septemb… mailing-listx_refsource_MLIST
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/36632 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-838-1 vendor-advisoryx_refsource_UBUNTU
    http://www.osvdb.org/58103 vdb-entryx_refsource_OSVDB
    http://support.apple.com/kb/HT4077 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/36904 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36698 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/36296 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2009/2641 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2009/2559 vdb-entryx_refsource_VUPEN
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.openwall.com/lists/oss-security/2009/09/14/3 mailing-listx_refsource_MLIST
    Date Public
    2009-09-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:56.175Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36377",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36377"
              },
              {
                "name": "DSA-1881",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1881"
              },
              {
                "name": "36713",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36713"
              },
              {
                "name": "[Cyrus-CVS] 20090902 src/sieve by brong",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html"
              },
              {
                "name": "36629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36629"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62\u0026r2=1.62.2.1\u0026only_with_tag=cyrus-imapd-2_2-tail"
              },
              {
                "name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html"
              },
              {
                "name": "APPLE-SA-2010-03-29-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
              },
              {
                "name": "[Cyrus-CVS] 20090902 src/sieve by brong",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html"
              },
              {
                "name": "36632",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36632"
              },
              {
                "name": "USN-838-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-838-1"
              },
              {
                "name": "58103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/58103"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4077"
              },
              {
                "name": "SUSE-SR:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
              },
              {
                "name": "36904",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36904"
              },
              {
                "name": "36698",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36698"
              },
              {
                "name": "36296",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36296"
              },
              {
                "name": "ADV-2009-2641",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2641"
              },
              {
                "name": "ADV-2009-2559",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2559"
              },
              {
                "name": "FEDORA-2009-9559",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10082",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082"
              },
              {
                "name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/09/14/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "36377",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36377"
            },
            {
              "name": "DSA-1881",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1881"
            },
            {
              "name": "36713",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36713"
            },
            {
              "name": "[Cyrus-CVS] 20090902 src/sieve by brong",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html"
            },
            {
              "name": "36629",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36629"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62\u0026r2=1.62.2.1\u0026only_with_tag=cyrus-imapd-2_2-tail"
            },
            {
              "name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "[Cyrus-CVS] 20090902 src/sieve by brong",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html"
            },
            {
              "name": "36632",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36632"
            },
            {
              "name": "USN-838-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-838-1"
            },
            {
              "name": "58103",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/58103"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "name": "SUSE-SR:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
            },
            {
              "name": "36904",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36904"
            },
            {
              "name": "36698",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36698"
            },
            {
              "name": "36296",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36296"
            },
            {
              "name": "ADV-2009-2641",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2641"
            },
            {
              "name": "ADV-2009-2559",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2559"
            },
            {
              "name": "FEDORA-2009-9559",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10082",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082"
            },
            {
              "name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/09/14/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2009-2632",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36377",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36377"
                },
                {
                  "name": "DSA-1881",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1881"
                },
                {
                  "name": "36713",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36713"
                },
                {
                  "name": "[Cyrus-CVS] 20090902 src/sieve by brong",
                  "refsource": "MLIST",
                  "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html"
                },
                {
                  "name": "36629",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36629"
                },
                {
                  "name": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62\u0026r2=1.62.2.1\u0026only_with_tag=cyrus-imapd-2_2-tail",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62\u0026r2=1.62.2.1\u0026only_with_tag=cyrus-imapd-2_2-tail"
                },
                {
                  "name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin",
                  "refsource": "MLIST",
                  "url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html"
                },
                {
                  "name": "APPLE-SA-2010-03-29-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
                },
                {
                  "name": "[Cyrus-CVS] 20090902 src/sieve by brong",
                  "refsource": "MLIST",
                  "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html"
                },
                {
                  "name": "36632",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36632"
                },
                {
                  "name": "USN-838-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-838-1"
                },
                {
                  "name": "58103",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/58103"
                },
                {
                  "name": "http://support.apple.com/kb/HT4077",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4077"
                },
                {
                  "name": "SUSE-SR:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
                },
                {
                  "name": "36904",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36904"
                },
                {
                  "name": "36698",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36698"
                },
                {
                  "name": "36296",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36296"
                },
                {
                  "name": "ADV-2009-2641",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2641"
                },
                {
                  "name": "ADV-2009-2559",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2559"
                },
                {
                  "name": "FEDORA-2009-9559",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:10082",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082"
                },
                {
                  "name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/09/14/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2009-2632",
        "datePublished": "2009-09-08T23:00:00.000Z",
        "dateReserved": "2009-07-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:59:56.175Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }