Executive Summary
Summary | |
---|---|
Title | Dovecot: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-200803-25 | First vendor Publication | 2008-03-18 |
Vendor | Gentoo | Last vendor Modification | 2008-03-18 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Two vulnerabilities in Dovecot allow for information disclosure and argument injection. Background Description Impact The second vulnerability can be abused to inject arguments for internal fields. No exploitation vectors are known for this vulnerability that affect previously stable versions of Dovecot in Gentoo. Workaround Resolution This version removes the "mail_extra_groups" option and introduces a References Availability http://security.gentoo.org/glsa/glsa-200803-25.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-200803-25.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-255 | Credentials Management |
33 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
33 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10739 | |||
Oval ID: | oval:org.mitre.oval:def:10739 | ||
Title: | Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | ||
Description: | Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1199 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17635 | |||
Oval ID: | oval:org.mitre.oval:def:17635 | ||
Title: | USN-593-1 -- dovecot vulnerabilities | ||
Description: | It was discovered that the default configuration of dovecot could allow access to any email files with group "mail" without verifying that a user had valid rights. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-593-1 CVE-2008-1199 CVE-2008-1218 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | dovecot |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18006 | |||
Oval ID: | oval:org.mitre.oval:def:18006 | ||
Title: | DSA-1516-1 dovecot - privilege escalation | ||
Description: | Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory on the server (for example, through an SSH login) could read and also delete via a symbolic link mailboxes owned by other users for which they do not have direct access (<a href="http://security-tracker.debian.org/tracker/CVE-2008-1199">CVE-2008-1199</a>). In addition, an internal interpretation conflict in password handling has been addressed proactively, even though it is not known to be exploitable (<a href="http://security-tracker.debian.org/tracker/CVE-2008-1218">CVE-2008-1218</a>). | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1516-1 CVE-2008-1199 CVE-2008-1218 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22086 | |||
Oval ID: | oval:org.mitre.oval:def:22086 | ||
Title: | ELSA-2008:0297: dovecot security and bug fix update (Low) | ||
Description: | Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0297-02 CVE-2007-2231 CVE-2007-4211 CVE-2007-6598 CVE-2008-1199 | Version: | 21 |
Platform(s): | Oracle Linux 5 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8054 | |||
Oval ID: | oval:org.mitre.oval:def:8054 | ||
Title: | DSA-1516 dovecot -- privilege escalation | ||
Description: | Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory on the server (for example, through an SSH login) could read and also delete via a symbolic link mailboxes owned by other users for which they do not have direct access (CVE-2008-1199). In addition, an internal interpretation conflict in password handling has been addressed proactively, even though it is not known to be exploitable (CVE-2008-1218). Note that applying this update requires manual action: The configuration setting mail_extra_groups = mail has been replaced with mail_privileged_group = mail. The update will show a configuration file conflict in /etc/dovecot/dovecot.conf. It is recommended that you keep the currently installed configuration file, and change the affected line. For your reference, the sample configuration (without your local changes) will have been written to /etc/dovecot/dovecot.conf.dpkg-new. If your current configuration uses mail_extra_groups with a value different from mail, you may have to resort to the mail_access_groups configuration directive. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1516 CVE-2008-1199 CVE-2008-1218 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | dovecot |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2008-03-14 | Dovecot IMAP 1.0.10 <= 1.1rc2 Remote Email Disclosure Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2009-03-23 | Name : Ubuntu Update for dovecot vulnerabilities USN-593-1 File : nvt/gb_ubuntu_USN_593_1.nasl |
2009-03-06 | Name : RedHat Update for dovecot RHSA-2008:0297-02 File : nvt/gb_RHSA-2008_0297-02_dovecot.nasl |
2009-02-16 | Name : Fedora Update for dovecot FEDORA-2008-2464 File : nvt/gb_fedora_2008_2464_dovecot_fc8.nasl |
2009-02-16 | Name : Fedora Update for dovecot FEDORA-2008-2475 File : nvt/gb_fedora_2008_2475_dovecot_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-25 (dovecot) File : nvt/glsa_200803_25.nasl |
2008-09-04 | Name : FreeBSD Ports: dovecot File : nvt/freebsd_dovecot0.nasl |
2008-03-19 | Name : Debian Security Advisory DSA 1516-1 (dovecot) File : nvt/deb_1516_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43137 | Dovecot mail_extra_groups Symlink File Manipulation |
42979 | Dovecot passdbs Argument Injection Authentication Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20080521_dovecot_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2008-10-01 | Name : The remote openSUSE host is missing a security update. File : suse_dovecot-5647.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0297.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-593-1.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-25.nasl - Type : ACT_GATHER_INFO |
2008-03-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1516.nasl - Type : ACT_GATHER_INFO |
2008-03-14 | Name : The remote mail server is affected by an authentication bypass vulnerability. File : dovecot_auth_bypass.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2464.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2475.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:35:40 |
|