Open-Xchange Dovecot versions 2.3.0 through 2.3.10 suffer from null pointer dereference and denial of service vulnerabilities.
3aa6155c0580d269fb7fdbdd9648de20d10f066c289ea5f31c5a7bb2f6be630bDebian Security Advisory 1892-1 - It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
1e397e9152a659f46c090079c2cfa537c94c26a24228f0d5373aa8bb6b50bc9aMandriva Linux Security Advisory 2009-242-1 - Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. This update provides a solution to this vulnerability. Packages for Enterprise 5 i586 were missing with the previous update. This update corrects this.
3ff703ae3b6e20dd33a5d12e7051dc9c952cc03eb15b2ecbb3c0c5bfeb7bb118Mandriva Linux Security Advisory 2009-242 - Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. This update provides a solution to this vulnerability.
80f351c6a3b26822c8b61e57555dc19e23273967fdd3cb21f93b646faea72c11Secunia Security Advisory - Fedora has issued an update for dovecot. This fixes some vulnerabilities, which can be exploited by malicious users to potentially compromise a vulnerable system.
6fe9c139c56c563b8e87253873d2354a9201134eef689205afad07d82a8d1b78Secunia Security Advisory - Some vulnerabilities have been reported in the CMU Sieve plugin for Dovecot, which can be exploited by malicious users to potentially compromise a vulnerable system.
e62261df5e9ee44c2747f376b2dda852fcb789201059814b69c64f0a08b6b7d9Secunia Security Advisory - Red Hat has issued an update for dovecot. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
04e1bd52dacd6f3765f95a62579c003386696d3fd07fab4b6d1becf4d1224e01Secunia Security Advisory - rPath has issued an update for dovecot. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
6f91e3618cd51746c77d1e10782e15a0ee86cb49cb7373a498b80f2ce20e748fGentoo Linux Security Advisory GLSA 200812-16 - Multiple vulnerabilities were found in the Dovecot mailserver. Versions less than 1.1.7-r1 are affected.
469caccee3552d8a95b0ef10e4b692ab98806818590798925e276bd7f6bb66a0Mandriva Linux Security Advisory 2008-232 - The ACL plugin in dovecot prior to version 1.1.4 treated negative access rights as though they were positive access rights, which allowed attackers to bypass intended access restrictions. The ACL plugin in dovecot prior to version 1.1.6 allowed attackers to bypass intended access restrictions by using the 'k' right to create unauthorized 'parent/child/child' mailboxes.
3dcb5d843d56558227e4581b0d21854b12e0ece4e41854a8044f583cb9217495Secunia Security Advisory - A security issue has been reported in Dovecot ManageSieve, which can be exploited by malicious users to bypass certain security restrictions.
e2cdadc2e34008a32598f1eb23756191c7d24762a4526678aa5570f227c23461Secunia Security Advisory - Ubuntu has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
c2cc7d9eac1cd2e80a76713318d123b41535bbc903f866442d5dcc70eee02733Pardus Linux Security Advisory 2008-64 - A denial of service condition from invalid message address parsing exists in Dovecot versions before 1.1.6-18-3.
23e2c4b0204b71072efe9f5aae407275eff23fa3c9e66fcd6c3f43ffc8bd5cc1Ubuntu Security Notice USN-666-1 - It was discovered that certain email headers were not correctly handled by Dovecot. If a remote attacker sent a specially crafted email to a user with a mailbox managed by Dovecot, that user's mailbox would become inaccessible through Dovecot, leading to a denial of service.
cb9adf49af566bb890cb7ccccbddd9f251d03dfc07b02d00c784ebf84e81b01cSecunia Security Advisory - Fedora has issued an update for dovecot. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
8da7d2d3f5e476d6c8c63be7355a87f46f4919f3a233207164d47f0d8fbb5ca0Secunia Security Advisory - A vulnerability has been reported in Dovecot, which can be exploited by malicious people to cause a DoS (Denial of Service).
3e104c182e6e91622a9b22d446bfc8f71eb8d40fd2ad1c1b10b3bf121be43eb3Secunia Security Advisory - SUSE has issued an update for dovecot and graphicsmagic. This fixes a security issue and some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
c28247e0b200450cb90fd838dad81b9c3fe1a43aa9d9ae57bb8c7ac3bd8af1efSecunia Security Advisory - Two security issues have been reported in Dovecot, which can be exploited by malicious users to bypass certain security restrictions.
5ab6a4ce90173cfd63042b73fb491301ec9b7d84e3b6818564c9939e6897c05dSecunia Security Advisory - Red Hat has issued an update for dovecot. This fixes a weakness and a security issue, which can be exploited by malicious users to bypass certain security restrictions.
b2c3cc75ad8dcdd0145e47216725672e02a3bc8e6f0b3593bf09c3848125a7aaSecunia Security Advisory - Ubuntu has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
e879b991b43be1002bb94ca05d94eeee253c34cd1a6492dc9acaa9da99d0c8e6Ubuntu Security Notice 593-1 - It was discovered that the default configuration of dovecot could allow access to any email files with group "mail" without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. By default, dovecot passed special characters to the underlying authentication systems. While Ubuntu releases of dovecot are not known to be vulnerable, the authentication routine was proactively improved to avoid potential future problems.
152ff94141df0e8a6338bc7c8610db35bac87dfa8800d44c753be25d8facba18Gentoo Linux Security Advisory GLSA 200803-25 - Dovecot uses the group configured via the mail_extra_groups setting, which should be used to create lockfiles in the /var/mail directory, when accessing arbitrary files (CVE-2008-1199). Dovecot does not escape TAB characters in passwords when saving them, which might allow for argument injection in blocking passdbs such as MySQL, PAM or shadow (CVE-2008-1218). Versions less than 1.0.13-r1 are affected.
fb1e2aa89b8d638ac9d92a8d9d47c0d14f9b826b630c8234297bdaa619cf3a8fSecunia Security Advisory - Gentoo has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
61e2ef20a95d0d2f8981dbbf0170c267608146efc8bfce855fc64feb9cf5d56dSecunia Security Advisory - Debian has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
14af901f9c88afbc7753653696efd964622193c964e2fa379d4372a022293b2dDovecot IMAP versions 1.0.10 through 1.1rc2 remote email disclosure exploit.
9a776a8b279c82fd8f796f0c22026971144ae821b08b050dc4b98590453098baDebian Security Advisory 1516-1 - Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory by other means (for example, through an SSH login) could read mailboxes owned by other users for which they do not have direct write access. In addition, an internal interpretation conflict in password handling has been addressed pro-actively, even though it is not known to be exploitable.
a2667d8c90b0936343ce050454a16ff50b3ba2bc37efbcf9f47835a9199619ba
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed