Executive Summary
Summary | |
---|---|
Title | dovecot security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2013:0520 | First vendor Publication | 2013-02-21 |
Vendor | RedHat | Last vendor Modification | 2013-02-21 |
Severity (Vendor) | Low | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated dovecot packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are provided as sub-packages. Two flaws were found in the way some settings were enforced by the script-login functionality of Dovecot. A remote, authenticated user could use these flaws to bypass intended access restrictions or conduct a directory traversal attack by leveraging login scripts. (CVE-2011-2166, CVE-2011-2167) A flaw was found in the way Dovecot performed remote server identity verification, when it was configured to proxy IMAP and POP3 connections to remote hosts using TLS/SSL protocols. A remote attacker could use this flaw to conduct man-in-the-middle attacks using an X.509 certificate issued by a trusted Certificate Authority (for a different name). (CVE-2011-4318) This update also fixes the following bug: * When a new user first accessed their IMAP inbox, Dovecot was, under some circumstances, unable to change the group ownership of the inbox directory in the user's Maildir location to match that of the user's mail spool (/var/mail/$USER). This correctly generated an "Internal error occurred" message. However, with a subsequent attempt to access the inbox, Dovecot saw that the directory already existed and proceeded with its operation, leaving the directory with incorrectly set permissions. This update corrects the underlying permissions setting error. When a new user now accesses their inbox for the first time, and it is not possible to set group ownership, Dovecot removes the created directory and generates an error message instead of keeping the directory with incorrect group ownership. (BZ#697620) Users of dovecot are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the dovecot service will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 709095 - CVE-2011-2166 dovecot: authenticated remote bypass of intended access restrictions 709097 - CVE-2011-2167 dovecot: directory traversal due to not obeying chroot directive 754980 - CVE-2011-4318 dovecot: proxy destination host name not checked against SSL certificate name |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2013-0520.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
33 % | CWE-20 | Improper Input Validation |
33 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15031 | |||
Oval ID: | oval:org.mitre.oval:def:15031 | ||
Title: | USN-1295-1 -- Dovecot vulnerability | ||
Description: | dovecot: IMAP and POP3 email server Dovecot could be made to expose sensitive information over the network. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1295-1 CVE-2011-4318 | Version: | 5 |
Platform(s): | Ubuntu 11.10 | Product(s): | Dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27001 | |||
Oval ID: | oval:org.mitre.oval:def:27001 | ||
Title: | RHSA-2013:0520 -- dovecot security and bug fix update (Low) | ||
Description: | Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are provided as sub-packages. Two flaws were found in the way some settings were enforced by the script-login functionality of Dovecot. A remote, authenticated user could use these flaws to bypass intended access restrictions or conduct a directory traversal attack by leveraging login scripts. (CVE-2011-2166, CVE-2011-2167) A flaw was found in the way Dovecot performed remote server identity verification, when it was configured to proxy IMAP and POP3 connections to remote hosts using TLS/SSL protocols. A remote attacker could use this flaw to conduct man-in-the-middle attacks using an X.509 certificate issued by a trusted Certificate Authority (for a different name). (CVE-2011-4318) This update also fixes the following bug: * When a new user first accessed their IMAP inbox, Dovecot was, under some circumstances, unable to change the group ownership of the inbox directory in the user's Maildir location to match that of the user's mail spool (/var/mail/$USER). This correctly generated an "Internal error occurred" message. However, with a subsequent attempt to access the inbox, Dovecot saw that the directory already existed and proceeded with its operation, leaving the directory with incorrectly set permissions. This update corrects the underlying permissions setting error. When a new user now accesses their inbox for the first time, and it is not possible to set group ownership, Dovecot removes the created directory and generates an error message instead of keeping the directory with incorrect group ownership. (BZ#697620) Users of dovecot are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the dovecot service will be restarted automatically. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0520 CESA-2013:0520 CVE-2011-2166 CVE-2011-2167 CVE-2011-4318 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | dovecot |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27675 | |||
Oval ID: | oval:org.mitre.oval:def:27675 | ||
Title: | ELSA-2013-0520 -- dovecot security and bug fix update (low) | ||
Description: | [1:2.0.9-5] - script-login did not drop privileges correctly (#709095) - fix directory traversal due to not obeying chroot directive (#709097) - check proxy destination host against SSL certificate name (#754980) [1:2.0.9-4] - dovecot may not set correct premissions for mail folder (#697620) [1:2.0.9-3] - fix potential crash when parsing header names that contain NUL characters (#728673) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0520 CVE-2011-2167 CVE-2011-4318 CVE-2011-2166 | Version: | 3 |
Platform(s): | Oracle Linux 6 | Product(s): | dovecot |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : Ubuntu Update for dovecot USN-1295-1 File : nvt/gb_ubuntu_USN_1295_1.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-04 (Dovecot) File : nvt/glsa_201110_04.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
77185 | Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness |
74515 | Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Ac... |
74514 | Dovecot script-login User / Group Configuration Settings Remote Access Restri... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-88.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_dovecot20-111215.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0520.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0520.nasl - Type : ACT_GATHER_INFO |
2013-03-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130221_dovecot_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0520.nasl - Type : ACT_GATHER_INFO |
2011-12-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1295-1.nasl - Type : ACT_GATHER_INFO |
2011-10-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-04.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:56:52 |
|
2013-03-07 13:21:05 |
|
2013-02-21 09:19:01 |
|