
CVE-2019-3814

Status Candidate

Overview

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

Related Files

Red Hat Security Advisory 2020-1062-01
Posted Apr 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1062-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, imap
systems | linux, redhat, unix
advisories | CVE-2019-3814, CVE-2019-7524
SHA-256 | 1517dbf1863f00fb4691f1e13a0cdc1507d4badbd0e6e5642066299d6a0fc9c0

Red Hat Security Advisory 2019-3467-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3467-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. An improper certificate validation flaw was addressed.

tags | advisory, imap
systems | linux, redhat, unix
advisories | CVE-2019-3814
SHA-256 | 8027c31b4c10faece7b28da784f2a6a05ab98330fb28f169af820461e3f809ab

Gentoo Linux Security Advisory 201904-19
Posted Apr 17, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-19 - Multiple vulnerabilities have been found in Dovecot, the worst of which could result in root privilege escalation. Versions less than 2.3.5.1 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2019-3814, CVE-2019-7524
SHA-256 | ce3244367b87fcc80f3c1b30e2cd4f8e11bb766839c1f9b30ca32d7fdfb24186

Debian Security Advisory 4385-1
Posted Feb 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4385-1 - halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to log in as anyone else in the system. Only installations using.

tags | advisory, bypass
systems | linux, debian
advisories | CVE-2019-3814
SHA-256 | 6833491f703287eb135623eab6b3f3e0926f3acd5a1bb2dc72afa6c93a8a9b33

Ubuntu Security Notice USN-3881-2
Posted Feb 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3881-2 - USN-3881-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-3814
SHA-256 | 1d145a7d6061f246f48a848680c45f7979b1476512372f57248c8bafef25526b

Ubuntu Security Notice USN-3881-1
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3881-1 - It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-3814
SHA-256 | 81303d55c739f8568896780709c6a639e81aad971c982094aa53db5d0c65afcf
© 2024 Packet Storm. All rights reserved.
