Executive Summary

This alert is flagged as containing a CWE/SANS Top 25 weakness (CWE-732, Incorrect Permission Assignment for Critical Resource; see the CWE section below).
Summary
Title Dovecot: Multiple vulnerabilities
Information
Name: GLSA-200812-16
Vendor: Gentoo
Severity (Vendor): Normal
First vendor publication: 2008-12-14
Last vendor modification: 2008-12-14
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A   Environmental score: N/A
Impact subscore: N/A   Temporal score: N/A
Exploitability subscore: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS base score: 6.4   Attack range: Network
CVSS impact score: 4.9   Attack complexity: Low
CVSS exploit score: 10   Authentication: None required

This single vector carries no availability impact (A:N) and assumes network access, so it does not capture the Denial of Service (CVE-2008-4907) or the local-only passphrase disclosure (CVE-2008-4870) that this advisory also covers; score each CVE separately when prioritising.

Detail

Synopsis

Multiple vulnerabilities were found in the Dovecot mailserver.

Background

Dovecot is an IMAP and POP3 server written with security primarily in mind.

Description

Several vulnerabilities were found in Dovecot:

* The ACL plugin enforces rights incorrectly: negative access rights are treated as if they were positive rights, and the "k" (create) right does not restrict mailbox creation as expected (CVE-2008-4577, CVE-2008-4578). Either defect lets a user bypass intended mailbox access restrictions.

* dovecot.conf is installed world-readable, so the ssl_key_password setting, and with it the passphrase protecting the SSL private key, can be read by any local user (CVE-2008-4870)

* A permanent Denial of Service can be triggered with broken mail headers (CVE-2008-4907)

Impact

These vulnerabilities might allow a remote attacker to cause a Denial of Service or to circumvent mailbox access restrictions, and a local attacker to disclose the passphrase of the SSL private key.

Workaround

There is no known workaround at this time.

Resolution

All Dovecot users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.1.7-r1"

Users should be aware that dovecot.conf will still be world-readable after the update. If ssl_key_password is used, do not set it in dovecot.conf; put it in a separate file readable only by root and pull that file in from dovecot.conf with "!include_try".
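The split described in the resolution, worked through as an added example (this script is not part of the GLSA or of Dovecot; the scratch paths, the sample dovecot.conf and the "CHANGEME" passphrase are constructed for the demo, and a real install would operate on /etc/dovecot/dovecot.conf). It moves ssl_key_password into a file created 0600 from the start, appends the "!include_try" line, and provides a check that reports the passphrase as exposed both while it is still inline and if the included file is ever loosened again:

```shell
#!/bin/sh
# Added example, not part of GLSA-200812-16 or of Dovecot itself: move
# ssl_key_password out of the world-readable dovecot.conf into a root-only
# file that dovecot.conf pulls in with "!include_try". The paths, the
# "CHANGEME" passphrase and the sample config below are constructed for the demo.
set -eu

DEMO="$(mktemp -d)"                      # scratch dir; never touches a live install
trap 'rm -rf "$DEMO"' EXIT
CONF="$DEMO/dovecot.conf"                # stand-in for /etc/dovecot/dovecot.conf
SECRET="$DEMO/ssl-key-password.conf"     # stand-in for the new root-only file

# Constructed vulnerable config: passphrase inline in a 0644 file, which is the
# CVE-2008-4870 condition (any local user can read it).
cat > "$CONF" <<'EOF'
protocols = imap imaps
ssl_cert_file = /etc/ssl/dovecot/server.pem
ssl_key_file = /etc/ssl/dovecot/server.key
ssl_key_password = CHANGEME
EOF
chmod 0644 "$CONF"

# ssl_password_exposed CONF
# Returns 0 (exposed) if ssl_key_password is still set inline in CONF, or if an
# !include/!include_try target that sets it has any group/other mode bits.
ssl_password_exposed() {
    conf="$1"
    if grep -qE '^[[:space:]]*ssl_key_password[[:space:]]*=' "$conf"; then
        return 0
    fi
    for inc in $(sed -nE 's/^[[:space:]]*!include(_try)?[[:space:]]+//p' "$conf"); do
        [ -f "$inc" ] || continue
        if grep -qE '^[[:space:]]*ssl_key_password[[:space:]]*=' "$inc"; then
            case "$(stat -c '%a' "$inc")" in
                *00) ;;          # 600/400: owner only, acceptable
                *)   return 0 ;; # group or world bits set: still exposed
            esac
        fi
    done
    return 1
}

# split_ssl_password CONF SECRETFILE
# Moves every ssl_key_password line from CONF into SECRETFILE, created 0600
# from the start (umask 077, so the passphrase is never world-readable even
# briefly), then replaces it in CONF with an !include_try of SECRETFILE.
split_ssl_password() {
    conf="$1"; secret="$2"
    old_umask="$(umask)"
    umask 077
    grep -E '^[[:space:]]*ssl_key_password[[:space:]]*=' "$conf" > "$secret" || :
    umask "$old_umask"
    grep -vE '^[[:space:]]*ssl_key_password[[:space:]]*=' "$conf" > "$conf.tmp" || :
    printf '!include_try %s\n' "$secret" >> "$conf.tmp"
    mv "$conf.tmp" "$conf"               # dovecot.conf itself may stay 0644
}

before=0; ssl_password_exposed "$CONF" && before=1
split_ssl_password "$CONF" "$SECRET"
after=0;  ssl_password_exposed "$CONF" && after=1
echo "passphrase exposed before: $before, after: $after"
ls -l "$SECRET"
cat "$CONF"
```

The included file is read by the Dovecot master process, which starts as root, so root-owned 0600 is sufficient; the check is worth keeping in a periodic audit because a later package update or a careless edit can put the setting back into the world-readable main file.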

References

[ 1 ] CVE-2008-4577 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577
[ 2 ] CVE-2008-4578 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4578
[ 3 ] CVE-2008-4870 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4870
[ 4 ] CVE-2008-4907 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4907

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200812-16.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200812-16.xml

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-13 Subverting Environment Variable Values
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-51 Poison Web Service Registry
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-76 Manipulating Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-87 Forceful Browsing
CAPEC-104 Cross Zone Scripting

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-732 Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)
33 % CWE-264 Permissions, Privileges, and Access Controls
33 % CWE-20 Improper Input Validation

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:10376
Title: The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
Description: The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4577
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Oval ID: oval:org.mitre.oval:def:10776
Title: dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
Description: dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4870
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Oval ID: oval:org.mitre.oval:def:17714
Title: USN-666-1 -- dovecot vulnerability
Description: It was discovered that certain email headers were not correctly handled by Dovecot.
Family: unix Class: patch
Reference(s): USN-666-1
CVE-2008-4907
Version: 5
Platform(s): Ubuntu 8.10
Product(s): dovecot
Definition Synopsis:
Oval ID: oval:org.mitre.oval:def:21764
Title: ELSA-2009:0205: dovecot security and bug fix update (Low)
Description: dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
Family: unix Class: patch
Reference(s): ELSA-2009:0205-02
CVE-2008-4577
CVE-2008-4870
Version: 13
Platform(s): Oracle Linux 5
Product(s): dovecot
Definition Synopsis:
Oval ID: oval:org.mitre.oval:def:29313
Title: RHSA-2009:0205 -- dovecot security and bug fix update (Low)
Description: An updated dovecot package that corrects two security flaws and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. Dovecot is an IMAP server for Linux and UNIX-like systems, primarily written with security in mind.
Family: unix Class: patch
Reference(s): RHSA-2009:0205
CVE-2008-4577
CVE-2008-4870
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Product(s): dovecot
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 62
Os 3
Os 2
Os 1

OpenVAS Exploits

Date Description
2009-10-06 Name : Ubuntu USN-838-1 (dovecot)
File : nvt/ubuntu_838_1.nasl
2009-06-05 Name : Ubuntu USN-698-1 (nagios)
File : nvt/ubuntu_698_1.nasl
2009-04-09 Name : Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
File : nvt/gb_mandriva_MDVSA_2008_232.nasl
2009-03-23 Name : Ubuntu Update for dovecot vulnerability USN-666-1
File : nvt/gb_ubuntu_USN_666_1.nasl
2009-02-18 Name : SuSE Security Summary SUSE-SR:2009:004
File : nvt/suse_sr_2009_004.nasl
2009-02-17 Name : Fedora Update for dovecot FEDORA-2008-9202
File : nvt/gb_fedora_2008_9202_dovecot_fc9.nasl
2009-02-17 Name : Fedora Update for dovecot FEDORA-2008-9232
File : nvt/gb_fedora_2008_9232_dovecot_fc8.nasl
2009-01-26 Name : RedHat Security Advisory RHSA-2009:0205
File : nvt/RHSA_2009_0205.nasl
2008-12-29 Name : Ubuntu USN-697-1 (imlib2)
File : nvt/ubuntu_697_1.nasl
2008-12-29 Name : Ubuntu USN-698-2 (nagios3)
File : nvt/ubuntu_698_2.nasl
2008-12-29 Name : Ubuntu USN-699-1 (blender)
File : nvt/ubuntu_699_1.nasl
2008-12-23 Name : Gentoo Security Advisory GLSA 200812-16 (dovecot)
File : nvt/glsa_200812_16.nasl
2008-11-24 Name : FreeBSD Ports: dovecot
File : nvt/freebsd_dovecot1.nasl
2008-10-17 Name : Dovecot ACL Plugin Security Bypass Vulnerabilities
File : nvt/gb_dovecot_mult_sec_bypass_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50253 Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Dis...

49429 Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS

49099 Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass

49098 Dovecot ACL Plugin Negative Access Rights Bypass

Nessus® Vulnerability Scanner

Date Description
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20090120_dovecot_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2009-09-29 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-838-1.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_dovecot-090205.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-232.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-666-1.nasl - Type : ACT_GATHER_INFO
2009-02-13 Name : The remote openSUSE host is missing a security update.
File : suse_dovecot-5986.nasl - Type : ACT_GATHER_INFO
2009-01-21 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-0205.nasl - Type : ACT_GATHER_INFO
2008-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200812-16.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_75c24c1db68811dd88fd001c2514716c.nasl - Type : ACT_GATHER_INFO
2008-10-31 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9202.nasl - Type : ACT_GATHER_INFO
2008-10-31 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9232.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2014-02-17 11:36:11
  • Multiple Updates