Anonymous | Login | 2024-04-29 22:03 CEST |
Main | My View | View Issues |
Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0003898 | [cyrus_imapd] packaging | major | always | 2009-09-15 11:04 | 2009-11-22 12:51 | ||
Reporter | jeanclaudeben | View Status | public | ||||
Assigned To | yann | ||||||
Priority | normal | Resolution | fixed | Platform | |||
Status | closed | OS | |||||
Projection | none | OS Version | |||||
ETA | none | Product Build | |||||
Summary | 0003898: SIEVE vulnerability | ||||||
Description |
Hi http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632 [^] Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. Is it possible to package the updated version : 2.3.15 ? |
||||||
Steps To Reproduce | |||||||
Additional Information | |||||||
Tags | No tags attached. | ||||||
Attached Files | |||||||
|
Copyright © 2000 - 2008 Mantis Group |