Title: Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow

Unknown or Incomplete

• CVE ID: 2009-2632 (see also: NVD)
• CERT VU: 336053
• Bugtraq ID: 36296
• Secunia Advisory ID: 36609 36629 36632 36840 36842 36846 36904 36932 39158 46530
• Other Advisory URL: http://kolab.org/security/kolab-vendor-notice-24.txt
  http://www.debian.org/security/2009/dsa-1881
  http://www.us.debian.org/security/2009/dsa-1881
  http://www.vupen.com/english/advisories/2009/2559
  https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html
  https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html
• Mail List Post: http://lists.andrew.cmu.edu/pipermail/cyrus-announce/2009-September/000068.html
  https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html
  https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html
• Vendor Specific Advisory URL: http://support.apple.com/kb/HT4077
  http://www.gentoo.org/security/en/glsa/glsa-201110-16.xml
  http://www.ubuntu.com/usn/USN-838-1
  http://www.us.debian.org/security/2009/dsa-1892
  http://www.us.debian.org/security/2009/dsa-1893
• News Article: http://www.computerworld.com/s/article/9174337/Apple_delivers_record_monster_security_update?taxonomyId=17
  http://www.esecurityplanet.com/features/article.php/3873656/article.htm
• Vendor Specific News/Changelog Entry: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail
  https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00239.html
  https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00250.html
• RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2009-1459.html

Unknown or Incomplete