Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64838

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)

Resumen: The remote host is missing an update to cyrus-imapd;announced via advisory MDVSA-2009:229.

Descripción: Summary:
The remote host is missing an update to cyrus-imapd
announced via advisory MDVSA-2009:229.

Vulnerability Insight:
A vulnerability has been found and corrected in cyrus-imapd:

Buffer overflow in the SIEVE script component (sieve/script.c) in
cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users
to execute arbitrary code and read or modify arbitrary messages via
a crafted SIEVE script, related to the incorrect use of the sizeof
operator for determining buffer length, combined with an integer
signedness error (CVE-2009-2632).

This update provides a solution to this vulnerability.

Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2632
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 36296
http://www.securityfocus.com/bid/36296
BugTraq ID: 36377
http://www.securityfocus.com/bid/36377
Debian Security Information: DSA-1881 (Google Search)
http://www.debian.org/security/2009/dsa-1881
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html
https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html
https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html
http://dovecot.org/list/dovecot-news/2009-September/000135.html
http://www.openwall.com/lists/oss-security/2009/09/14/3
http://www.osvdb.org/58103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082
http://secunia.com/advisories/36629
http://secunia.com/advisories/36632
http://secunia.com/advisories/36698
http://secunia.com/advisories/36713
http://secunia.com/advisories/36904
SuSE Security Announcement: SUSE-SR:2009:016 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://www.ubuntu.com/usn/USN-838-1
http://www.vupen.com/english/advisories/2009/2559
http://www.vupen.com/english/advisories/2009/2641

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64838
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
Resumen:	The remote host is missing an update to cyrus-imapd;announced via advisory MDVSA-2009:229.
Descripción:	Summary: The remote host is missing an update to cyrus-imapd announced via advisory MDVSA-2009:229. Vulnerability Insight: A vulnerability has been found and corrected in cyrus-imapd: Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error (CVE-2009-2632). This update provides a solution to this vulnerability. Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2632 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 36296 http://www.securityfocus.com/bid/36296 BugTraq ID: 36377 http://www.securityfocus.com/bid/36377 Debian Security Information: DSA-1881 (Google Search) http://www.debian.org/security/2009/dsa-1881 https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html http://dovecot.org/list/dovecot-news/2009-September/000135.html http://www.openwall.com/lists/oss-security/2009/09/14/3 http://www.osvdb.org/58103 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082 http://secunia.com/advisories/36629 http://secunia.com/advisories/36632 http://secunia.com/advisories/36698 http://secunia.com/advisories/36713 http://secunia.com/advisories/36904 SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://www.ubuntu.com/usn/USN-838-1 http://www.vupen.com/english/advisories/2009/2559 http://www.vupen.com/english/advisories/2009/2641
Copyright	Copyright (C) 2009 E-Soft Inc.