Open-Xchange Dovecot versions 2.3.0 through 2.3.10 suffer from null pointer dereference and denial of service vulnerabilities.
Gentoo Linux Security Advisory 201110-4 - Multiple vulnerabilities were found in Dovecot, the worst of which allows remote execution of arbitrary code. Versions less than 2.0.13 are affected.
Secunia Security Advisory - Red Hat has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Red Hat Security Advisory 2011-1187-01 - Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from downloading the message successfully and possibly leading to the corruption of their mailbox. Users of dovecot are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the dovecot service will be restarted automatically.
Secunia Security Advisory - Debian has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Ubuntu Security Notice 1143-1 - It was discovered that the message header parser in Dovecot did not properly handle '\0' characters in header names. This could allow a remote attacker to cause a denial of service through a crafted email message by crashing the Dovecot daemon or corrupting mailboxes.
Secunia Security Advisory - Ubuntu has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Fedora has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - SUSE has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Mandriva Linux Security Advisory 2011-101 - lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service via a crafted e-mail message.
Secunia Security Advisory - A vulnerability has been reported in Dovecot, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Red Hat has issued an update for dovecot. This fixes two vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service).
Secunia Security Advisory - Ubuntu has issued an update for dovecot. This fixes a weakness and some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions or cause a DoS (Denial of Service).
Ubuntu Security Notice 1059-1 - It was discovered that the ACL plugin in Dovecot would incorrectly propagate ACLs to new mailboxes. A remote authenticated user could possibly read new mailboxes that were created with the wrong ACL. It was discovered that the ACL plugin in Dovecot would incorrectly merge ACLs in certain circumstances. A remote authenticated user could possibly bypass intended access restrictions and gain access to mailboxes. It was discovered that the ACL plugin in Dovecot would incorrectly grant the admin permission to owners of certain mailboxes. A remote authenticated user could possibly bypass intended access restrictions and gain access to mailboxes. It was discovered that Dovecot incorrectly handled the simultaneous disconnect of a large number of sessions. A remote authenticated user could use this flaw to cause Dovecot to crash, resulting in a denial of service.
Mandriva Linux Security Advisory 2010-217 - Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox. Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service by simultaneously disconnecting many POP3 sessions. Various other issues have also been addressed.
Secunia Security Advisory - A security issue has been reported in Dovecot, which can be exploited by malicious users to bypass certain security restrictions.
Mandriva Linux Security Advisory 2010-196 - Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
Secunia Security Advisory - A weakness has been reported in Dovecot, which can be exploited by malicious users to bypass certain security restrictions.
Debian Linux Security Advisory 2252-1 - It was discovered that the message header parser in the Dovecot mail server parsed NUL characters incorrectly, which could lead to denial of service through malformed mail headers.
Mandriva Linux Security Advisory 2010-104 - Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message. This update provides dovecot 1.2.11, which is not vulnerable to this issue and also includes many bug fixes.
Secunia Security Advisory - A vulnerability has been reported in Dovecot, which can be exploited by malicious people to cause a DoS (Denial of Service).
Mandriva Linux Security Advisory 2009-306 - Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. The updated packages have been patched to correct these issues.
Secunia Security Advisory - A security issue has been reported in Dovecot, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - Ubuntu has issued an update for dovecot. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service) or compromise a vulnerable system.
Ubuntu Security Notice USN-838-1 - It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. It was discovered that the ManageSieve service in Dovecot incorrectly handled ".." in script names. A remote attacker could exploit this to read and modify arbitrary sieve files on the server. This only affected Ubuntu 8.10. It was discovered that the Sieve plugin in Dovecot incorrectly handled certain sieve scripts. An authenticated user could exploit this with a crafted sieve script to cause a denial of service or possibly execute arbitrary code.
Secunia Security Advisory - Debian has issued an update for dovecot. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) or compromise a vulnerable system.