Executive Summary
Summary | |
---|---|
Title | dovecot security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2008:0297 | First vendor Publication | 2008-05-20 |
Vendor | RedHat | Last vendor Modification | 2008-05-20 |
Severity (Vendor) | Low | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated dovecot package that fixes several security issues and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Dovecot is an IMAP server for Linux and UNIX-like systems, primarily written with security in mind. A flaw was discovered in the way Dovecot handled the "mail_extra_groups" option. An authenticated attacker with local shell access could leverage this flaw to read, modify, or delete other users mail that is stored on the mail server. (CVE-2008-1199) This issue did not affect the default Red Hat Enterprise Linux 5 Dovecot configuration. This update adds two new configuration options -- "mail_privileged_group" and "mail_access_groups" -- to minimize the usage of additional privileges. A directory traversal flaw was discovered in Dovecot's zlib plug-in. An authenticated user could use this flaw to view other compressed mailboxes with the permissions of the Dovecot process. (CVE-2007-2231) A flaw was found in the Dovecot ACL plug-in. User with only insert permissions for a mailbox could use the "COPY" and "APPEND" commands to set additional message flags. (CVE-2007-4211) A flaw was found in a way Dovecot cached LDAP query results in certain configurations. This could possibly allow authenticated users to log in as a different user who has the same password. (CVE-2007-6598) As well, this updated package fixes the following bugs: * configuring "userdb" and "passdb" to use LDAP caused Dovecot to hang. A segmentation fault may have occurred. In this updated package, using an LDAP backend for "userdb" and "passdb" no longer causes Dovecot to hang. * the Dovecot "login_process_size" limit was configured for 32-bit systems. On 64-bit systems, when Dovecot was configured to use either IMAP or POP3, the log in processes crashed with out-of-memory errors. Errors such as the following were logged: pop3-login: pop3-login: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory In this updated package, the "login_process_size" limit is correctly configured on 64-bit systems, which resolves this issue. Note: this updated package upgrades dovecot to version 1.0.7. For further details, refer to the Dovecot changelog: http://koji.fedoraproject.org/koji/buildinfo?buildID=23397 Users of dovecot are advised to upgrade to this updated package, which resolves these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 238439 - CVE-2007-2231 Directory traversal in dovecot with zlib plugin 245249 - Dovecot hangs while using ldap backend. 251007 - CVE-2007-4211 Dovecot possible privilege ascalation in ACL plugin 253363 - Dovecot pop3-login/imap-login crash with OOM error 331441 - Please consider upgrading Dovecot to 1.0rc23 at least 380401 - tracker bug for 1.0.7 rebase 427575 - CVE-2007-6598: dovecot LDAP+auth cache user login mixup 436927 - CVE-2008-1199 dovecot: insecure mail_extra_groups option |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-0297.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
33 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
33 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10458 | |||
Oval ID: | oval:org.mitre.oval:def:10458 | ||
Title: | Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password. | ||
Description: | Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6598 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:10739 | |||
Oval ID: | oval:org.mitre.oval:def:10739 | ||
Title: | Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | ||
Description: | Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1199 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:10995 | |||
Oval ID: | oval:org.mitre.oval:def:10995 | ||
Title: | Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name. | ||
Description: | Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2231 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11558 | |||
Oval ID: | oval:org.mitre.oval:def:11558 | ||
Title: | The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command. | ||
Description: | The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4211 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17080 | |||
Oval ID: | oval:org.mitre.oval:def:17080 | ||
Title: | USN-567-1 -- dovecot vulnerability | ||
Description: | It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-567-1 CVE-2007-6598 | Version: | 7 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 | Product(s): | dovecot |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18653 | |||
Oval ID: | oval:org.mitre.oval:def:18653 | ||
Title: | DSA-1457-1 dovecot | ||
Description: | It was discovered that Dovecot, a POP3 and IMAP server, only when used with LDAP authentication and <q>base</q> contains variables, could allow a user to log in to the account of another user with the same password. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1457-1 CVE-2007-6598 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20207 | |||
Oval ID: | oval:org.mitre.oval:def:20207 | ||
Title: | DSA-1359-1 dovecot - directory traversal | ||
Description: | It was discovered that dovecot, a secure mail server that supports mbox and maildir mailboxes, when configured to use non-system-user spools and compressed folders, may allow directory traversal in mailbox names. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1359-1 CVE-2007-2231 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22086 | |||
Oval ID: | oval:org.mitre.oval:def:22086 | ||
Title: | ELSA-2008:0297: dovecot security and bug fix update (Low) | ||
Description: | Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0297-02 CVE-2007-2231 CVE-2007-4211 CVE-2007-6598 CVE-2008-1199 | Version: | 21 |
Platform(s): | Oracle Linux 5 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8032 | |||
Oval ID: | oval:org.mitre.oval:def:8032 | ||
Title: | DSA-1457 dovecot -- programming error | ||
Description: | It was discovered that Dovecot, a POP3 and IMAP server, only when used # Remark: "base" refers to a variable(?!) and should not contain something as # base = %r! with LDAP authentication and base contains variables, could allow a user to log in to the account of another user with the same password. The old stable distribution (sarge) is not affected. For the stable distribution (etch), this problem has been fixed in version 1.0.rc15-2etch3. For the unstable distribution (sid), this problem has been fixed in version 1.0.10-1. We recommend that you upgrade your dovecot packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1457 CVE-2007-6598 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | dovecot |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-03-23 | Name : Ubuntu Update for dovecot vulnerability USN-487-1 File : nvt/gb_ubuntu_USN_487_1.nasl |
2009-03-23 | Name : Ubuntu Update for dovecot vulnerability USN-567-1 File : nvt/gb_ubuntu_USN_567_1.nasl |
2009-03-23 | Name : Ubuntu Update for dovecot vulnerabilities USN-593-1 File : nvt/gb_ubuntu_USN_593_1.nasl |
2009-03-06 | Name : RedHat Update for dovecot RHSA-2008:0297-02 File : nvt/gb_RHSA-2008_0297-02_dovecot.nasl |
2009-02-27 | Name : Fedora Update for dovecot FEDORA-2007-493 File : nvt/gb_fedora_2007_493_dovecot_fc5.nasl |
2009-02-16 | Name : Fedora Update for dovecot FEDORA-2008-2464 File : nvt/gb_fedora_2008_2464_dovecot_fc8.nasl |
2009-02-16 | Name : Fedora Update for dovecot FEDORA-2008-2475 File : nvt/gb_fedora_2008_2475_dovecot_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-25 (dovecot) File : nvt/glsa_200803_25.nasl |
2008-03-19 | Name : Debian Security Advisory DSA 1516-1 (dovecot) File : nvt/deb_1516_1.nasl |
2008-01-31 | Name : Debian Security Advisory DSA 1457-1 (dovecot) File : nvt/deb_1457_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1359-1 (dovecot) File : nvt/deb_1359_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43137 | Dovecot mail_extra_groups Symlink File Manipulation |
39876 | Dovecot LDAP Auth Cache Security Bypass |
39386 | Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manip... |
35489 | Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20080521_dovecot_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2008-10-01 | Name : The remote openSUSE host is missing a security update. File : suse_dovecot-5647.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0297.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-593-1.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-25.nasl - Type : ACT_GATHER_INFO |
2008-03-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1516.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2464.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2475.nasl - Type : ACT_GATHER_INFO |
2008-01-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-567-1.nasl - Type : ACT_GATHER_INFO |
2008-01-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1457.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-487-1.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1359.nasl - Type : ACT_GATHER_INFO |
2007-05-10 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-493.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:39 |
|