Summary
This host has the Dovecot Sieve plugin installed and is prone to multiple buffer overflow vulnerabilities.
Impact
A successful attack could allow an attacker to crash the affected application or execute arbitrary code.
Impact Level: Application
Solution
Apply the patch or upgrade to Dovecot version 1.1.4 or 1.1.7:
http://www.dovecot.org/download.html
http://hg.dovecot.org/dovecot-sieve-1.1/rev/049f22520628
http://hg.dovecot.org/dovecot-sieve-1.1/rev/4577c4e1130d
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
Multiple buffer overflow errors exist in CMU libsieve when processing malicious SIEVE scripts.
Affected
Dovecot versions 1.0 before 1.0.4 and 1.1 before 1.1.7
References
Severity
Classification
CVE: CVE-2009-3235
CVSS Base Score: 7.5
CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P