Executive Summary

Summary |
---|---
Title | Dovecot: Multiple vulnerabilities

Information | | |
---|---|---|---
Name | GLSA-201110-04 | First vendor Publication | 2011-10-10
Vendor | Gentoo | Last vendor Modification | 2011-10-10
Severity (Vendor) | High | Revision | N/A
Security-Database Scoring CVSS v3

CVSS vector : N/A | | |
---|---|---|---
Overall CVSS Score | NA | |
Base Score | NA | Environmental Score | NA
Impact Sub Score | NA | Temporal Score | NA
Exploitability Sub Score | NA | |

Security-Database Scoring CVSS v2

CVSS vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | | |
---|---|---|---
CVSS Base Score | 7.5 | Attack Range | Network
CVSS Impact Score | 6.4 | Attack Complexity | Low
CVSS Exploit Score | 10 | Authentication | None Required
Detail

Synopsis
Multiple vulnerabilities were found in Dovecot, the worst of which allows remote execution of arbitrary code.

Background
Description
Impact
Workaround
Resolution
All Dovecot 2 users should upgrade to the latest version:

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 28, 2011. It is likely that your system is already no longer affected by this issue.

References
Availability: http://security.gentoo.org/glsa/glsa-201110-04.xml

Original Source
Url : http://security.gentoo.org/glsa/glsa-201110-04.xml
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-61 | Session Fixation |
CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
CAPEC-122 | Exploitation of Authorization |
CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
CAPEC-232 | Exploitation of Privilege/Trust |
CAPEC-234 | Hijacking a privileged process |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
40 % | CWE-264 | Permissions, Privileges, and Access Controls |
10 % | CWE-732 | Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25) |
10 % | CWE-399 | Resource Management Errors |
10 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
10 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
10 % | CWE-20 | Improper Input Validation |
10 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10515 | |||
Oval ID: | oval:org.mitre.oval:def:10515 | ||
Title: | Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. | ||
Description: | Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3235 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12978 | |||
Oval ID: | oval:org.mitre.oval:def:12978 | ||
Title: | DSA-2252-1 dovecot -- programming error | ||
Description: | It was discovered that the message header parser in the Dovecot mail server parsed NUL characters incorrectly, which could lead to denial of service through malformed mail headers. The oldstable distribution is not affected. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2252-1 CVE-2011-1929 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13521 | |||
Oval ID: | oval:org.mitre.oval:def:13521 | ||
Title: | USN-1059-1 -- dovecot vulnerabilities | ||
Description: | It was discovered that the ACL plugin in Dovecot would incorrectly propagate ACLs to new mailboxes. A remote authenticated user could possibly read new mailboxes that were created with the wrong ACL. It was discovered that the ACL plugin in Dovecot would incorrectly merge ACLs in certain circumstances. A remote authenticated user could possibly bypass intended access restrictions and gain access to mailboxes. It was discovered that the ACL plugin in Dovecot would incorrectly grant the admin permission to owners of certain mailboxes. A remote authenticated user could possibly bypass intended access restrictions and gain access to mailboxes. It was discovered that Dovecot incorrectly handled the simultaneous disconnect of a large number of sessions. A remote authenticated user could use this flaw to cause Dovecot to crash, resulting in a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1059-1 CVE-2010-3304 CVE-2010-3706 CVE-2010-3707 CVE-2010-3779 CVE-2010-3780 | Version: | 5 |
Platform(s): | Ubuntu 10.10, Ubuntu 10.04 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13646 | |||
Oval ID: | oval:org.mitre.oval:def:13646 | ||
Title: | USN-838-1 -- dovecot vulnerabilities | ||
Description: | It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. It was discovered that the ManageSieve service in Dovecot incorrectly handled ".." in script names. A remote attacker could exploit this to read and modify arbitrary sieve files on the server. This only affected Ubuntu 8.10. It was discovered that the Sieve plugin in Dovecot incorrectly handled certain sieve scripts. An authenticated user could exploit this with a crafted sieve script to cause a denial of service or possibly execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-838-1 CVE-2008-4577 CVE-2008-5301 CVE-2009-2632 CVE-2009-3235 | Version: | 5 |
Platform(s): | Ubuntu 8.10, Ubuntu 8.04, Ubuntu 9.04 | Product(s): | dovecot |
Definition Synopsis: | |||
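The ".." script-name issue in USN-838-1 above (CVE-2008-5301) is a path traversal in the ManageSieve script store: a name supplied by the client was joined onto the user's sieve directory without being constrained to it. The check below is an added example in Python, not code from Dovecot or from the advisory, showing the two layers a service should apply before touching the filesystem. The whitelist of allowed characters and the `.sieve` suffix are this example's assumptions.

```python
import os

# Whitelist for script names used by this example (an assumption, not
# Dovecot's own rule): ASCII letters, digits, '-', '_' and '.'.
ALLOWED = frozenset("abcdefghijklmnopqrstuvwxyz"
                    "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.")


def safe_script_path(sieve_dir: str, name: str) -> str:
    """Map a client-supplied ManageSieve script name to a path inside sieve_dir.

    Raises ValueError for anything that could leave the directory. Two
    independent checks are applied: a syntactic whitelist on the name, and
    a check on the resolved path so that a symlink planted inside the
    directory cannot redirect the access either.
    """
    if not name or name in (".", "..") or "\x00" in name:
        raise ValueError("invalid script name")
    if not set(name) <= ALLOWED:          # also rejects '/', '\\' and spaces
        raise ValueError("disallowed character in script name")
    base = os.path.realpath(sieve_dir)
    full = os.path.realpath(os.path.join(base, name + ".sieve"))
    if os.path.dirname(full) != base:
        raise ValueError("script path escapes the sieve directory")
    return full


def is_safe_script_name(sieve_dir: str, name: str) -> bool:
    """Boolean wrapper around safe_script_path for quick checks."""
    try:
        safe_script_path(sieve_dir, name)
    except ValueError:
        return False
    return True


def demo(sieve_dir: str = None) -> dict:
    """Exercise the check against a scratch directory containing a planted
    symlink; returns {candidate name: accepted?}."""
    import tempfile
    sieve_dir = sieve_dir or tempfile.mkdtemp()
    os.symlink("/", os.path.join(sieve_dir, "esc.sieve"))   # attacker-planted link
    cases = ["vacation", "roundcube.vacation-2", "../../etc/passwd",
             "..", "a/b", "x\x00y", "", "esc"]
    return {c: is_safe_script_name(sieve_dir, c) for c in cases}


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(repr(name), "->", "accepted" if accepted else "rejected")
```

The second check matters on its own: if an attacker can create files in the script directory (for example through another bug), a symlink named like a valid script still resolves outside the directory, and only the `realpath` comparison catches it.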
Definition Id: oval:org.mitre.oval:def:14026 | |||
Oval ID: | oval:org.mitre.oval:def:14026 | ||
Title: | USN-1143-1 -- dovecot vulnerability | ||
Description: | dovecot: IMAP and POP3 email server. An attacker could send a crafted email message that could disrupt email service. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1143-1 CVE-2011-1929 | Version: | 5 |
Platform(s): | Ubuntu 10.10, Ubuntu 10.04 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18608 | |||
Oval ID: | oval:org.mitre.oval:def:18608 | ||
Title: | DSA-1892-1 dovecot - arbitrary code execution | ||
Description: | It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1892-1 CVE-2009-2632 CVE-2009-3235 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0, Debian GNU/Linux 5.0 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20174 | |||
Oval ID: | oval:org.mitre.oval:def:20174 | ||
Title: | DSA-1893-1 cyrus-imapd-2.2 kolab-cyrus-imapd - arbitrary code execution | ||
Description: | It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1893-1 CVE-2009-2632 CVE-2009-3235 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0, Debian GNU/Linux 5.0 | Product(s): | cyrus-imapd-2.2, kolab-cyrus-imapd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21493 | |||
Oval ID: | oval:org.mitre.oval:def:21493 | ||
Title: | RHSA-2011:0600: dovecot security and enhancement update (Moderate) | ||
Description: | Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0600-01 CVE-2010-3707 CVE-2010-3780 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21976 | |||
Oval ID: | oval:org.mitre.oval:def:21976 | ||
Title: | RHSA-2011:1187: dovecot security update (Moderate) | ||
Description: | lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1187-01 CESA-2011:1187 CVE-2011-1929 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6 | Product(s): | dovecot |
Definition Synopsis: | |||
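The NUL-in-header-name flaw described for CVE-2011-1929 above is a parser robustness problem: RFC 5322 field names are printable US-ASCII without ':', so a 0x00 byte in a name should be refused at parse time rather than handed on to index or storage code, where the description says it led to a crash or mailbox corruption. The parser below is an added example in Python, not Dovecot's lib-mail code; the message it runs on is constructed for the example and is not a real capture.

```python
import re

# Constructed sample message (not a real capture): the second header line
# carries a NUL byte inside the field name, the input class described
# above for CVE-2011-1929.
CRAFTED_MESSAGE = (
    b"From: alice@example.com\r\n"
    b"X-Te\x00st: value\r\n"
    b"Subject: hello\r\n"
    b" folded continuation\r\n"
    b"\r\n"
    b"body\r\n"
)

# RFC 5322 field names are printable US-ASCII (33..126) except ':' (58).
FIELD_NAME = re.compile(rb"\A[\x21-\x39\x3b-\x7e]+\Z")


def parse_headers(raw: bytes):
    """Split the header block of a message into accepted and rejected fields.

    Returns (headers, rejected): headers is a list of (name, value) for
    well-formed fields, rejected a list of (line_number, reason) for lines
    that a hardened parser refuses instead of passing on to index or
    storage code. Folded continuation lines are appended to the preceding
    accepted field; a continuation after a rejected field is dropped with it.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    headers, rejected = [], []
    last_ok = False
    for lineno, line in enumerate(head.split(b"\r\n"), start=1):
        if line[:1] in (b" ", b"\t"):               # folded continuation
            if last_ok:
                name, value = headers[-1]
                headers[-1] = (name, value + b" " + line.strip())
            else:
                rejected.append((lineno, "continuation without a valid header"))
            continue
        last_ok = False
        name, sep, value = line.partition(b":")
        if not sep:
            rejected.append((lineno, "missing ':'"))
        elif b"\x00" in name:
            rejected.append((lineno, "NUL byte in header name"))
        elif not FIELD_NAME.match(name):
            rejected.append((lineno, "invalid character in header name"))
        else:
            headers.append((name, value.strip()))
            last_ok = True
    return headers, rejected


if __name__ == "__main__":
    ok, bad = parse_headers(CRAFTED_MESSAGE)
    for name, value in ok:
        print(name.decode(), "=", value.decode())
    for lineno, reason in bad:
        print("rejected line", lineno, ":", reason)
```

The explicit NUL test is redundant with the character-class match but is kept separate so that logs distinguish this case, which is the one the advisories above single out, from ordinary malformed names.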
Definition Id: oval:org.mitre.oval:def:22982 | |||
Oval ID: | oval:org.mitre.oval:def:22982 | ||
Title: | ELSA-2009:1459: cyrus-imapd security update (Important) | ||
Description: | Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1459-04 CVE-2009-2632 CVE-2009-3235 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | cyrus-imapd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23022 | |||
Oval ID: | oval:org.mitre.oval:def:23022 | ||
Title: | DEPRECATED: ELSA-2011:1187: dovecot security update (Moderate) | ||
Description: | lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1187-01 CVE-2011-1929 | Version: | 7 |
Platform(s): | Oracle Linux 5, Oracle Linux 6 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23443 | |||
Oval ID: | oval:org.mitre.oval:def:23443 | ||
Title: | ELSA-2011:0600: dovecot security and enhancement update (Moderate) | ||
Description: | Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0600-01 CVE-2010-3707 CVE-2010-3780 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23639 | |||
Oval ID: | oval:org.mitre.oval:def:23639 | ||
Title: | ELSA-2011:1187: dovecot security update (Moderate) | ||
Description: | lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1187-01 CVE-2011-1929 | Version: | 6 |
Platform(s): | Oracle Linux 5, Oracle Linux 6 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27675 | |||
Oval ID: | oval:org.mitre.oval:def:27675 | ||
Title: | ELSA-2013-0520 -- dovecot security and bug fix update (low) | ||
Description: | [1:2.0.9-5] - script-login did not drop privileges correctly (#709095) - fix directory traversal due to not obeying chroot directive (#709097) - check proxy destination host against SSL certificate name (#754980) [1:2.0.9-4] - dovecot may not set correct permissions for mail folder (#697620) [1:2.0.9-3] - fix potential crash when parsing header names that contain NUL characters (#728673) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0520 CVE-2011-2167 CVE-2011-4318 CVE-2011-2166 | Version: | 3 |
Platform(s): | Oracle Linux 6 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27953 | |||
Oval ID: | oval:org.mitre.oval:def:27953 | ||
Title: | DEPRECATED: ELSA-2011-0600 -- dovecot security and enhancement update (moderate) | ||
Description: | [2.0.9-2] - fix issues and assert crashes found in 2.0.9 (lmtp,dotlock,zlib) [2.0.9-1] - dovecot updated to 2.0.9 - fixed a high system CPU usage / high context switch count performance problem - lda: Fixed a crash when trying to send 'out of quota' reply [2.0.8-1] - dovecot updated to 2.0.8 (fixes #654226), pigeonhole updated to 0.2.2 - IMAP: Fixed SELECT QRESYNC not to crash on mailbox close if a lot of changes were being sent. - Fixed leaking fds when writing to dovecot.mailbox.log. - Fixed rare dovecot.index.cache corruption - zlib: Fixed several crashes, which mainly showed up with mbox. - acl: Fixed crashing when sometimes listing shared mailboxes via dict proxy. - mdbox: Fixed potential assert-crash when saving multiple messages in one transaction - dsync: a lot of fixes - fixed lda + sieve crash | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0600 CVE-2010-3707 CVE-2010-3780 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | dovecot |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28758 | |||
Oval ID: | oval:org.mitre.oval:def:28758 | ||
Title: | RHSA-2009:1459 -- cyrus-imapd security update (Important) | ||
Description: | Updated cyrus-imapd packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1459 CESA-2009:1459-CentOS 5 CVE-2009-2632 CVE-2009-3235 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5 | Product(s): | cyrus-imapd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8390 | |||
Oval ID: | oval:org.mitre.oval:def:8390 | ||
Title: | DSA-1892 dovecot -- buffer overflow | ||
Description: | It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1892 CVE-2009-2632 CVE-2009-3235 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0, Debian GNU/Linux 4.0 | Product(s): | dovecot |
Definition Synopsis: | |||
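A quick local triage, as an added example that is not part of the advisory or of any distribution's tooling: compare the release reported by `dovecot --version` against the affected ranges the OVAL definitions above state. The ranges are taken only from those definition texts; the "1.2.x before 1.2.15" range is the one the RHSA-2011:0600 description gives and is attached here to both CVEs that definition references.

```python
import re
import subprocess

# Affected ranges as stated in the OVAL definitions on this page:
# (CVE, branch as (major, minor), first fixed release in that branch).
AFFECTED = [
    ("CVE-2009-3235", (1, 0), (1, 0, 4)),    # Sieve plugin: 1.0 before 1.0.4
    ("CVE-2009-3235", (1, 1), (1, 1, 7)),    # Sieve plugin: 1.1 before 1.1.7
    ("CVE-2010-3707", (1, 2), (1, 2, 15)),   # RHSA-2011:0600: 1.2.x before 1.2.15
    ("CVE-2010-3780", (1, 2), (1, 2, 15)),   # RHSA-2011:0600: 1.2.x before 1.2.15
    ("CVE-2011-1929", (1, 2), (1, 2, 17)),   # header parser: 1.2.x before 1.2.17
    ("CVE-2011-1929", (2, 0), (2, 0, 13)),   # header parser: 2.0.x before 2.0.13
]


def parse_version(text: str):
    """Pull the numeric release out of 'dovecot --version' output,
    e.g. '2.0.13 (b2e6b37bee66)' -> (2, 0, 13). A missing patch level is 0."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(x) for x in m.groups(default="0"))


def affected_cves(version):
    """Return the CVEs whose stated range contains this upstream version,
    in table order, each listed once."""
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    hits = []
    for cve, branch, fixed in AFFECTED:
        if v[:2] == branch and v < fixed and cve not in hits:
            hits.append(cve)
    return hits


def check_local_dovecot():
    """Query the installed binary; returns (version string, list of CVEs)."""
    out = subprocess.run(["dovecot", "--version"], capture_output=True,
                         text=True, check=True).stdout.strip()
    return out, affected_cves(out)


if __name__ == "__main__":
    try:
        print(check_local_dovecot())
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        print("dovecot not runnable here:", exc)
```

This is an upstream-version check only. Enterprise distributions backport fixes without changing the version string: the ELSA-2013-0520 changelog above shows the NUL-header fix landing in package 1:2.0.9-3 while the binary still reports 2.0.9, so on such systems a hit from this script is a prompt to check the package changelog or the matching OVAL definition, not a confirmed exposure.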
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for dovecot CESA-2011:1187 centos4 x86_64 File : nvt/gb_CESA-2011_1187_dovecot_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for dovecot CESA-2011:1187 centos5 x86_64 File : nvt/gb_CESA-2011_1187_dovecot_centos5_x86_64.nasl |
2012-06-06 | Name : RedHat Update for dovecot RHSA-2011:0600-01 File : nvt/gb_RHSA-2011_0600-01_dovecot.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-04 (Dovecot) File : nvt/glsa_201110_04.nasl |
2011-09-23 | Name : CentOS Update for dovecot CESA-2011:1187 centos5 i386 File : nvt/gb_CESA-2011_1187_dovecot_centos5_i386.nasl |
2011-09-21 | Name : FreeBSD Ports: dovecot File : nvt/freebsd_dovecot3.nasl |
2011-08-24 | Name : CentOS Update for dovecot CESA-2011:1187 centos4 i386 File : nvt/gb_CESA-2011_1187_dovecot_centos4_i386.nasl |
2011-08-19 | Name : RedHat Update for dovecot RHSA-2011:1187-01 File : nvt/gb_RHSA-2011_1187-01_dovecot.nasl |
2011-08-09 | Name : CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386 File : nvt/gb_CESA-2009_1459_cyrus-imapd_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386 File : nvt/gb_CESA-2009_1459_cyrus-imapd_centos5_i386.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2252-1 (dovecot) File : nvt/deb_2252_1.nasl |
2011-06-20 | Name : Fedora Update for dovecot FEDORA-2011-7612 File : nvt/gb_fedora_2011_7612_dovecot_fc13.nasl |
2011-06-06 | Name : Ubuntu Update for dovecot USN-1143-1 File : nvt/gb_ubuntu_USN_1143_1.nasl |
2011-06-03 | Name : Mandriva Update for dovecot MDVSA-2011:101 (dovecot) File : nvt/gb_mandriva_MDVSA_2011_101.nasl |
2011-06-03 | Name : Fedora Update for dovecot FEDORA-2011-7258 File : nvt/gb_fedora_2011_7258_dovecot_fc14.nasl |
2011-02-11 | Name : Ubuntu Update for dovecot vulnerabilities USN-1059-1 File : nvt/gb_ubuntu_USN_1059_1.nasl |
2010-11-16 | Name : Mandriva Update for dovecot MDVSA-2010:217 (dovecot) File : nvt/gb_mandriva_MDVSA_2010_217.nasl |
2010-10-19 | Name : Mandriva Update for dovecot MDVSA-2010:196 (dovecot) File : nvt/gb_mandriva_MDVSA_2010_196.nasl |
2010-05-28 | Name : Mandriva Update for dovecot MDVSA-2010:104 (dovecot) File : nvt/gb_mandriva_MDVSA_2010_104.nasl |
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2010-03-22 | Name : Mandriva Update for iptables MDVA-2010:104 (iptables) File : nvt/gb_mandriva_MDVA_2010_104.nasl |
2009-12-14 | Name : FreeBSD Ports: dovecot File : nvt/freebsd_dovecot2.nasl |
2009-12-02 | Name : Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability File : nvt/gb_dovecot_base_dir_sec_bypass_vuln.nasl |
2009-11-11 | Name : SLES10: Security update for Cyrus IMAPD File : nvt/sles10_cyrus-imapd0.nasl |
2009-11-11 | Name : SLES11: Security update for Cyrus IMAPD File : nvt/sles11_cyrus-imapd0.nasl |
2009-11-11 | Name : SLES9: Security update for Cyrus IMAPD File : nvt/sles9p5061160.nasl |
2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018 File : nvt/suse_sr_2009_018.nasl |
2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
2009-10-06 | Name : Ubuntu USN-838-1 (dovecot) File : nvt/ubuntu_838_1.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:242-1 (dovecot) File : nvt/mdksa_2009_242_1.nasl |
2009-09-28 | Name : CentOS Security Advisory CESA-2009:1459 (cyrus-imapd) File : nvt/ovcesa2009_1459.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:242 (dovecot) File : nvt/mdksa_2009_242.nasl |
2009-09-28 | Name : Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd) File : nvt/fcore_2009_9901.nasl |
2009-09-28 | Name : Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd) File : nvt/fcore_2009_9869.nasl |
2009-09-28 | Name : Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd) File : nvt/deb_1893_1.nasl |
2009-09-28 | Name : Debian Security Advisory DSA 1892-1 (dovecot) File : nvt/deb_1892_1.nasl |
2009-09-28 | Name : RedHat Security Advisory RHSA-2009:1459 File : nvt/RHSA_2009_1459.nasl |
2009-09-23 | Name : Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities File : nvt/secpod_dovecot_sieve_mult_bof_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74515 | Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Ac... |
74514 | Dovecot script-login User / Group Configuration Settings Remote Access Restri... |
72495 | Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Hand... |
68516 | Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private ... Dovecot contains a flaw related to 'plugins/acl/acl-backend-vfile.c' interpreting an ACL permissions entry which may involve a user's private namespace and is of the same type as a previous ACL entry as an addition rather than a replacement. This may allow a remote authenticated attacker to use a request to read or modify a mailbox to bypass intended access restrictions. |
68515 | Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entr... Dovecot contains a flaw related to 'plugins/acl/acl-backend-vfile.c' interpreting a less specific ACL permissions entry of the same type as a previous more specific ACL entry as an addition rather than a replacement. This may allow a remote authenticated attacker to use a request to read or modify a mailbox to bypass intended access restrictions. |
68513 | Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remo... Dovecot contains a flaw related to the ACL plugin granting admin permissions to mailbox owners in non-public namespaces. This may allow a remote authenticated attacker to bypass intended access restrictions by changing a mailbox's ACL. |
68512 | Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS Dovecot contains a flaw that may allow a remote denial of service. The issue is triggered when a remote authenticated attacker disconnects a large amount of IMAP or POP3 sessions simultaneously, and will result in loss of availability for the master process. |
66625 | Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass |
64783 | Dovecot E-mail Message Header Unspecified DoS Dovecot contains a flaw that may allow a remote denial of service. The issue is triggered due to an error when processing very long header lines, and will result in loss of availability for the service. |
60316 | Dovecot base_dir Directory Permission Weakness Local Privilege Escalation |
58103 | Dovecot CMU Sieve Plugin Script Handling Multiple Overflows Multiple remote overflow exist in Dovecot CMU Sieve Plugin. Dovecot CMU Sieve Plugin fails to conduct unspecified actions resulting in a buffer overflows. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity. |
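OSVDB 68515 and 68516 above describe the ACL merge flaw precisely: an entry of the same type as an earlier, more specific one was treated as an addition to the rights already granted rather than as a replacement, so a broad grant could widen what a narrow entry was meant to restrict. The following is an added, deliberately simplified model in Python of the two merge rules side by side; it is not Dovecot's plugins/acl/acl-backend-vfile.c, and the identifier forms, the specificity ranking and the sample ACL are this example's assumptions.

```python
# Specificity ranks for vfile-style identifiers, least to most specific
# (an assumption of this model).
SPECIFICITY = {"anyone": 0, "authenticated": 1, "group": 2, "user": 3}

# Constructed ACL for one shared mailbox (not taken from any real system).
# Intent: every authenticated user may lookup and read, but bob may only
# lookup. The broad entry deliberately follows the narrow one.
SAMPLE_ACL = [
    ("user=bob", "l"),
    ("authenticated", "lr"),
]


def matches(identifier, user, groups):
    """Does an ACL identifier apply to this user with these group memberships?"""
    kind, _, arg = identifier.partition("=")
    if kind == "anyone":
        return True
    if kind == "authenticated":
        return user is not None
    if kind == "group":
        return arg in groups
    if kind == "user":
        return arg == user
    raise ValueError("unknown identifier " + identifier)


def rights_additive(acl, user, groups=()):
    """Flawed merge: every matching entry contributes, so a broad entry
    listed after a narrow one widens what the narrow one restricted."""
    rights = set()
    for identifier, r in acl:
        if matches(identifier, user, groups):
            rights |= set(r)
    return rights


def rights_most_specific(acl, user, groups=()):
    """Corrected merge: the most specific matching level replaces all less
    specific ones regardless of file order; entries at the same level merge."""
    best_level, best_rights = -1, set()
    for identifier, r in acl:
        if not matches(identifier, user, groups):
            continue
        level = SPECIFICITY[identifier.partition("=")[0]]
        if level > best_level:
            best_level, best_rights = level, set(r)
        elif level == best_level:
            best_rights |= set(r)
    return best_rights


if __name__ == "__main__":
    for who in ("bob", "alice"):
        print(who, "additive:", sorted(rights_additive(SAMPLE_ACL, who)),
              "most-specific:", sorted(rights_most_specific(SAMPLE_ACL, who)))
```

Under the additive rule bob ends up with lookup and read, which is exactly the bypass the OSVDB entries describe; under the replacement rule the user-level entry wins and bob keeps only lookup, while alice, matched only by the authenticated entry, still gets both.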
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_dovecot20-110525.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_dovecot12-110525.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_dovecot12-110525.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_dovecot12-101028.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_dovecot12-100917.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0520.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1187.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1459.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0520.nasl - Type : ACT_GATHER_INFO |
2013-03-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130221_dovecot_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0520.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110818_dovecot_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_dovecot_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090923_cyrus_imapd_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-10-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-04.nasl - Type : ACT_GATHER_INFO |
2011-08-22 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-1187.nasl - Type : ACT_GATHER_INFO |
2011-08-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0b53f5f7ca8a11e0aea300215c6a37bb.nasl - Type : ACT_GATHER_INFO |
2011-08-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1187.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1143-1.nasl - Type : ACT_GATHER_INFO |
2011-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7612.nasl - Type : ACT_GATHER_INFO |
2011-06-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2252.nasl - Type : ACT_GATHER_INFO |
2011-05-31 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7268.nasl - Type : ACT_GATHER_INFO |
2011-05-31 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7258.nasl - Type : ACT_GATHER_INFO |
2011-05-27 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-101.nasl - Type : ACT_GATHER_INFO |
2011-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0600.nasl - Type : ACT_GATHER_INFO |
2011-02-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1059-1.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-217.nasl - Type : ACT_GATHER_INFO |
2010-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_dovecot12-101028.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cyrus-imapd-6521.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-196.nasl - Type : ACT_GATHER_INFO |
2010-09-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_dovecot12-100917.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-306.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-104.nasl - Type : ACT_GATHER_INFO |
2010-04-29 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_dovecot12-100426.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1893.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1892.nasl - Type : ACT_GATHER_INFO |
2010-01-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_dovecot12-100118.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1459.nasl - Type : ACT_GATHER_INFO |
2009-12-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_30211c45e52a11deb5cd00e0815b8da8.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_cyrus-imapd-090924.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_cyrus-imapd-090924.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_cyrus-imapd-6511.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cyrus-imapd-090924.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cyrus-imapd-6509.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12520.nasl - Type : ACT_GATHER_INFO |
2009-10-13 | Name : The remote openSUSE host is missing a security update. File : suse_dovecot-6539.nasl - Type : ACT_GATHER_INFO |
2009-10-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_dovecot-091008.nasl - Type : ACT_GATHER_INFO |
2009-10-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_dovecot-091007.nasl - Type : ACT_GATHER_INFO |
2009-09-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-838-1.nasl - Type : ACT_GATHER_INFO |
2009-09-25 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9869.nasl - Type : ACT_GATHER_INFO |
2009-09-25 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9901.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1459.nasl - Type : ACT_GATHER_INFO |
2009-09-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-242.nasl - Type : ACT_GATHER_INFO |
2009-09-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9559.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:37:00 | |