Files

Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service
Posted May 19, 2020
Authored by Philippe Antoine

Open-Xchange Dovecot versions 2.3.0 through 2.3.10 suffer from null pointer dereference and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2020-10957, CVE-2020-10958, CVE-2020-10967
MD5 | 4607a1940a12664e8ead49b330c8f65f

Related Files

Debian Security Advisory 4385-1
Posted Feb 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4385-1 - halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else in the system. Only installations using.

tags | advisory, bypass
systems | linux, debian
advisories | CVE-2019-3814
MD5 | 59f2eb21224b4ade9f55a314275c3509

Ubuntu Security Notice USN-3881-2
Posted Feb 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3881-2 - USN-3881-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-3814
MD5 | 9d23ce1274d573e9d037153a6f17b56b

Ubuntu Security Notice USN-3881-1
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3881-1 - It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-3814
MD5 | a7b034214697ad1cd15b379ec5191896

Ubuntu Security Notice USN-3587-2
Posted Apr 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3587-2 - USN-3587-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-14461, CVE-2017-15130
MD5 | 963da2871bf71ac3e836e99dde64e83f

Debian Security Advisory 4130-1
Posted Mar 5, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4130-1 - Several vulnerabilities have been discovered in the Dovecot email server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-14461, CVE-2017-15130, CVE-2017-15132
MD5 | ff5358c46cf0f32f866398aa80f7ae8f

Ubuntu Security Notice USN-3587-1
Posted Mar 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3587-1 - It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Dovecot incorrectly handled TLS SNI config lookups. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-14461, CVE-2017-15130
MD5 | d950c50445bd3f0c41053e96a325ea91

Ubuntu Security Notice USN-3556-2
Posted Feb 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3556-2 - USN-3556-1 fixed vulnerabilities in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to bypass authentication and access sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-6171, CVE-2017-15132
MD5 | 4091c7cb3a9ad7e3a4944059d46c34e6

Ubuntu Security Notice USN-3556-1
Posted Feb 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3556-1 - It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-15132
MD5 | 294630c680214a3ee5baa8d8152aa817

Ubuntu Security Notice USN-3258-2
Posted Apr 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3258-2 - USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the "dict" authentication database. This update reverts the change. It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-2669
MD5 | 1b7f20688cdee39f1561015c533c2767

Ubuntu Security Notice USN-3258-1
Posted Apr 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3258-1 - It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-2669
MD5 | af7008a864a44cf5989e2b4c2c000f8a

Mandriva Linux Security Advisory 2015-113
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-113 - Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly. This could have left the connections hanging around for a long time.

tags | advisory, imap
systems | linux, mandriva
advisories | CVE-2014-3430
MD5 | 04e7a260c9adecc73f42dd9613092367

Gentoo Linux Security Advisory 201412-03
Posted Dec 8, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-3 - A vulnerability in Dovecot could allow a remote attacker to create a Denial of Service condition. Versions less than 2.2.13 are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2014-3430
MD5 | ef6a92636e367a9765ae0e831d5d74bc

Red Hat Security Advisory 2014-0790-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0790-01 - Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. It was discovered that Dovecot did not properly discard connections trapped in the SSL/TLS handshake phase. A remote attacker could use this flaw to cause a denial of service on an IMAP/POP3 server by exhausting the pool of available connections and preventing further, legitimate connections to the IMAP/POP3 server from being made.

tags | advisory, remote, denial of service, imap
systems | linux, redhat, unix
advisories | CVE-2014-3430
MD5 | f72fa3d0e02a43263c34e61052b660d6

Debian Security Advisory 2954-1
Posted Jun 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2954-1 - It was discovered that the Dovecot email server is vulnerable to a denial of service attack against imap/pop3-login processes due to incorrect handling of the closure of inactive SSL/TLS connections.

tags | advisory, denial of service, imap
systems | linux, debian
advisories | CVE-2014-3430
MD5 | d6be4ce8a522c3a4434851e5d9df1a86

Mandriva Linux Security Advisory 2014-099
Posted May 19, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-099 - Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, imap
systems | linux, mandriva
advisories | CVE-2014-3430
MD5 | 203a4d17ba895e3795644fd85f6341ee

Ubuntu Security Notice USN-2213-1
Posted May 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2213-1 - It was discovered that Dovecot incorrectly handled closing inactive SSL/TLS connections. A remote attacker could use this issue to cause Dovecot to stop responding to new connections, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3430
MD5 | 7cdbbdd18ee577a201ea66d4307053cf

Exim and Dovecot Insecure Configuration Command Injection
Posted Jun 10, 2013
Authored by juan vazquez, temp66, eKKiM | Site metasploit.com

This Metasploit module exploits a command injection vulnerability against Dovecot with Exim using the "use_shell" option. It uses the sender's address to inject arbitrary commands since this is one of the user-controlled variables, which has been successfully tested on Debian Squeeze using the default Exim4 with dovecot-common packages.

tags | exploit, arbitrary
systems | linux, debian
advisories | OSVDB-93004
MD5 | 776fd7288a0f85a2bd74929aec5c63d1

Exim / Dovecot Command Execution
Posted May 3, 2013
Site redteam-pentesting.de

During a penetration test a typical misconfiguration was found in the way Dovecot is used as a local delivery agent by Exim. A common use case for the Dovecot IMAP and POP3 server is the use of Dovecot as a local delivery agent for Exim. The Dovecot documentation contains an example using a dangerous configuration option for Exim, which leads to a remote command execution vulnerability in Exim.

tags | exploit, remote, local, imap
MD5 | 1994399ebd39fa4d51af46bfbc6db4cf

Red Hat Security Advisory 2013-0520-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0520-02 - Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are provided as sub-packages. Two flaws were found in the way some settings were enforced by the script-login functionality of Dovecot. A remote, authenticated user could use these flaws to bypass intended access restrictions or conduct a directory traversal attack by leveraging login scripts.

tags | advisory, remote, imap
systems | linux, redhat, unix
advisories | CVE-2011-2166, CVE-2011-2167, CVE-2011-4318
MD5 | ef231740b8ca6b9b93e90d72bc08a8d9

Secunia Security Advisory 51455
Posted Dec 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Dovecot, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 2591d21b5edc37c491328c7aa1b87b05

Secunia Security Advisory 47990
Posted Feb 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for dovecot20. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, suse
MD5 | de2ed0d73cbf641b1cf0a0c91851cafd

Secunia Security Advisory 47177
Posted Dec 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for dovecot. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, ubuntu
MD5 | 381f7d84fa1d6cccc650e8065ac04006

Ubuntu Security Notice USN-1295-1
Posted Dec 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1295-1 - It was discovered that Dovecot incorrectly validated certificate hostnames when being used as a POP3 and IMAP proxy. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

tags | advisory, remote, imap
systems | linux, ubuntu
advisories | CVE-2011-4318
MD5 | 0ec283334fb5e1c8e7698d44ed166f92

Secunia Security Advisory 46886
Posted Nov 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Dovecot, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
MD5 | 1ffca2a8c7965a011fbf5bbfc285796d

Secunia Security Advisory 46363
Posted Oct 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for dovecot. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system, and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
systems | linux, gentoo
MD5 | 042f15795ba5b53ebe1a3d7c895b2850