Red Hat Bugzilla – Bug 523910
CVE-2009-3235 cyrus-imapd: CMU sieve buffer overflows
Last modified: 2014-11-11 11:00:14 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3235 to the following vulnerability:
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve,
allow context-dependent attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a crafted SIEVE script, as
demonstrated by forwarding an e-mail message to a large number of
recipients, a different vulnerability than CVE-2009-2632.
Note: Sieve implementation used in cyrus-imapd is affected by these issues too.
http://www.kb.cert.org/vuls/id/336053 (for CVE-2009-2632)
Cyrus upstream patches:
Dovecot update for Fedora 10 already includes these fixes:
Dovecot on Fedora 11+ (uses different sieve plugin) and Red Hat Enterprise Linux 4 and 5 (no sieve plugin) are not affected by this flaw.
cyrus-imapd packages in Fedora and Red Hat Enterprise Linux will be updated to address these flaws.
All these additional overflows are sprintf()s to static char buffers. On Red Hat Enterprise Linux 5 and later (including all current Fedora versions), these overflows are caught by FORTIFY_SOURCE, reducing the impact to a controlled abort of one of the cyrus-imapd child processes that are later re-spawned by the master.
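The bug class named in the comment above, shown beside its bounded form. This is an added example, not code from Cyrus, Dovecot or this bug report; the function names, the message text and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MSG_BUF 64 /* constructed size; the report does not give the real ones */

/* Pattern described in the comment: sprintf() into a static char buffer
 * with no length check. A long enough 'detail' writes past buf. When built
 * with -O2 -D_FORTIFY_SOURCE=2, glibc checks the destination size at run
 * time and aborts the process instead of letting the write continue. */
const char *format_unbounded(const char *detail)
{
    static char buf[MSG_BUF];
    sprintf(buf, "script error: %s", detail);
    return buf;
}

/* Bounded form: snprintf() writes at most 'size' bytes including the NUL,
 * and its return value is the length the full message would have had.
 * Returns 0 if the message fit, -1 if it was truncated or formatting failed,
 * so the caller can reject the input instead of acting on a cut-off string. */
int format_bounded(char *out, size_t size, const char *detail)
{
    int n = snprintf(out, size, "script error: %s", detail);
    if (n < 0 || (size_t)n >= size)
        return -1;
    return 0;
}

int main(void)
{
    char out[MSG_BUF];
    char detail[201];

    /* Constructed oversized input: 200 bytes of script-controlled text. */
    memset(detail, 'A', sizeof detail - 1);
    detail[sizeof detail - 1] = '\0';

    if (format_bounded(out, sizeof out, detail) != 0)
        printf("rejected: message truncated to %zu bytes\n", strlen(out));

    /* The unbounded variant is only safe for input known to be short. */
    printf("%s\n", format_unbounded("short detail"));
    return 0;
}
```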
cyrus-imapd-2.3.15-1.fc10 has been submitted as an update for Fedora 10.
cyrus-imapd-2.3.15-1.fc11 has been submitted as an update for Fedora 11.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
Via RHSA-2009:1459 https://rhn.redhat.com/errata/RHSA-2009-1459.html
cyrus-imapd-2.3.15-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
cyrus-imapd-2.3.15-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.