cyrus-imapd is vulnerable to arbitrary code execution. The vulnerability exists as an authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code with the privileges of the Cyrus IMAP server user.
dovecot.org/list/dovecot-news/2009-September/000135.html
lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
secunia.com/advisories/36698
secunia.com/advisories/36713
secunia.com/advisories/36904
support.apple.com/kb/HT3937
www.openwall.com/lists/oss-security/2009/09/14/3
www.osvdb.org/58103
www.redhat.com/security/updates/classification/#important
www.securityfocus.com/bid/36377
www.ubuntu.com/usn/USN-838-1
www.vupen.com/english/advisories/2009/2641
www.vupen.com/english/advisories/2009/3184
access.redhat.com/errata/RHSA-2009:1459
exchange.xforce.ibmcloud.com/vulnerabilities/53248
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10515
www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html