Files

Dovecot 2.3.11.3 Access Bypass
Posted Jan 7, 2021
Authored by Aki Tuomi

Dovecot versions 2.2.26 through 2.3.11.3 suffer from a bypass issue. When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using a specially crafted command. The attacker must have valid credentials to access the mail server.

tags | advisory, imap, bypass
advisories | CVE-2020-24386
SHA-256 | 5e5468067fc35516788b52ac2a4e75207c4c6d4b1f0ea93176e970b293daf7d6

Related Files

Debian Security Advisory 4385-1
Posted Feb 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4385-1 - halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else in the system. Only installations using.

tags | advisory, bypass
systems | linux, debian
advisories | CVE-2019-3814
SHA-256 | 6833491f703287eb135623eab6b3f3e0926f3acd5a1bb2dc72afa6c93a8a9b33
Ubuntu Security Notice USN-3881-2
Posted Feb 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3881-2 - USN-3881-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-3814
SHA-256 | 1d145a7d6061f246f48a848680c45f7979b1476512372f57248c8bafef25526b
Ubuntu Security Notice USN-3881-1
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3881-1 - It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-3814
SHA-256 | 81303d55c739f8568896780709c6a639e81aad971c982094aa53db5d0c65afcf
Ubuntu Security Notice USN-3587-2
Posted Apr 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3587-2 - USN-3587-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-14461, CVE-2017-15130
SHA-256 | c1f6d6e6682487d0c9dcfa66fa41c4337fa8d5078553630d242b82e7cbd1dc0d
Debian Security Advisory 4130-1
Posted Mar 5, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4130-1 - Several vulnerabilities have been discovered in the Dovecot email server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-14461, CVE-2017-15130, CVE-2017-15132
SHA-256 | b72645d04abb2796b35b7272e5208019f22ef74f7893524d18a0bb44b81ddbd3
Ubuntu Security Notice USN-3587-1
Posted Mar 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3587-1 - It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Dovecot incorrectly handled TLS SNI config lookups. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-14461, CVE-2017-15130
SHA-256 | 625cfc8b26e130e4d7c58da134e865f2618f6ccdfec01a7149b33f4a9d48d196
Ubuntu Security Notice USN-3556-2
Posted Feb 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3556-2 - USN-3556-1 fixed vulnerabilities in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to bypass authentication and access sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-6171, CVE-2017-15132
SHA-256 | ec5451f5f5fbad1a4b5d212e71f5225bc2c339fdc87e030edc7b410d020b013e
Ubuntu Security Notice USN-3556-1
Posted Feb 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3556-1 - It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-15132
SHA-256 | 0473bcf7129589affc6d1fedea923af193ac11328da392835fb739e0029610ed
Ubuntu Security Notice USN-3258-2
Posted Apr 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3258-2 - USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the "dict" authentication database. This update reverts the change. It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-2669
SHA-256 | aeb7eb5a4c7e0c1d570d72040645a8653b06cc2f415273328b2ef5fddc33d78f
Ubuntu Security Notice USN-3258-1
Posted Apr 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3258-1 - It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-2669
SHA-256 | 5101ff0e70771f14628412493ecbd468dc95e9c6bd6f142a841f86cabb362f8b
Mandriva Linux Security Advisory 2015-113
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-113 - Updated dovecot packages fix a security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If an SSL/TLS handshake was started but not finished, the login process eventually attempted to forcibly disconnect the client, but failed to do so correctly. This could have left the connections hanging around for a long time.

tags | advisory, imap
systems | linux, mandriva
advisories | CVE-2014-3430
SHA-256 | 02bb0de3a8646cbeff42c1216386daf1423a1ee06013225762cc7befed905053
Gentoo Linux Security Advisory 201412-03
Posted Dec 8, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-3 - A vulnerability in Dovecot could allow a remote attacker to create a Denial of Service condition. Versions less than 2.2.13 are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2014-3430
SHA-256 | 3d75dd34d40e4219d0c2b708283b8f3aac32e24327f5de51520a41dbd3e58729
Red Hat Security Advisory 2014-0790-01
Posted Jun 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0790-01 - Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. It was discovered that Dovecot did not properly discard connections trapped in the SSL/TLS handshake phase. A remote attacker could use this flaw to cause a denial of service on an IMAP/POP3 server by exhausting the pool of available connections and preventing further, legitimate connections to the IMAP/POP3 server from being made.

tags | advisory, remote, denial of service, imap
systems | linux, redhat, unix
advisories | CVE-2014-3430
SHA-256 | 0e13ed0ca0865bb4148cdab7442ec2e3cbc2d65acb04cd37108d09f3f118e88c
Debian Security Advisory 2954-1
Posted Jun 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2954-1 - It was discovered that the Dovecot email server is vulnerable to a denial of service attack against imap/pop3-login processes due to incorrect handling of the closure of inactive SSL/TLS connections.

tags | advisory, denial of service, imap
systems | linux, debian
advisories | CVE-2014-3430
SHA-256 | f7b574186100faa3350fd62bea077a55c41e1162c8a545f104e6d1fc73023950
Mandriva Linux Security Advisory 2014-099
Posted May 19, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-099 - Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 do not properly close old connections, which allows remote attackers to cause a denial of service via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, imap
systems | linux, mandriva
advisories | CVE-2014-3430
SHA-256 | b82ca56efd8853684a23112efde2dd54f66c4a5430e065066c7fe0aae9e7b563
Ubuntu Security Notice USN-2213-1
Posted May 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2213-1 - It was discovered that Dovecot incorrectly handled closing inactive SSL/TLS connections. A remote attacker could use this issue to cause Dovecot to stop responding to new connections, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3430
SHA-256 | e11d65530516edf471c037d15e12b497989180e21221b6dc72a4223832e170ed
Exim and Dovecot Insecure Configuration Command Injection
Posted Jun 10, 2013
Authored by juan vazquez, temp66, eKKiM | Site metasploit.com

This Metasploit module exploits a command injection vulnerability against Dovecot with Exim using the "use_shell" option. It uses the sender's address to inject arbitrary commands since this is one of the user-controlled variables, which has been successfully tested on Debian Squeeze using the default Exim4 with dovecot-common packages.

tags | exploit, arbitrary
systems | linux, debian
advisories | OSVDB-93004
SHA-256 | d72b6de0ba7eaf73295bab2780dde4862dd95a6711d35c8ea50c93c6aad58c90
Exim / Dovecot Command Execution
Posted May 3, 2013
Site redteam-pentesting.de

During a penetration test a typical misconfiguration was found in the way Dovecot is used as a local delivery agent by Exim. A common use case for the Dovecot IMAP and POP3 server is the use of Dovecot as a local delivery agent for Exim. The Dovecot documentation contains an example using a dangerous configuration option for Exim, which leads to a remote command execution vulnerability in Exim.

tags | exploit, remote, local, imap
SHA-256 | 3025b7b604291903b2d800d82014d424dcaadbb269d1a91c5be2394530f8e8c8
Red Hat Security Advisory 2013-0520-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0520-02 - Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as sub-packages. Two flaws were found in the way some settings were enforced by the script-login functionality of Dovecot. A remote, authenticated user could use these flaws to bypass intended access restrictions or conduct a directory traversal attack by leveraging login scripts.

tags | advisory, remote, imap
systems | linux, redhat, unix
advisories | CVE-2011-2166, CVE-2011-2167, CVE-2011-4318
SHA-256 | cc2d82431b7724dffbd1e1d10167102f8893f413a9eb44dd0dce08dd119b4ef9
Secunia Security Advisory 51455
Posted Dec 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Dovecot, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 166faf700353ac5b78bff3f97f1c0a2f54b93c1727613d0f027b76a4d464dd10
Secunia Security Advisory 47990
Posted Feb 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for dovecot20. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, suse
SHA-256 | b5c11faf884cfb2c3a51a3a613864ad1f4376c2a30c315696f6ba6d23e02b1e4
Secunia Security Advisory 47177
Posted Dec 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for dovecot. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, ubuntu
SHA-256 | fa03a044c88be5c75936565493afd98b0cb9a8bb9593e9c4439aa7cae27d794f
Ubuntu Security Notice USN-1295-1
Posted Dec 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1295-1 - It was discovered that Dovecot incorrectly validated certificate hostnames when being used as a POP3 and IMAP proxy. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

tags | advisory, remote, imap
systems | linux, ubuntu
advisories | CVE-2011-4318
SHA-256 | 6537b446fcea6b049718ea977697f880df756abeecdad9dba3605ca876e59b50
Secunia Security Advisory 46886
Posted Nov 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Dovecot, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | bd8958539c6a4e96d0b9d1edc6740fdb1d8250288d146f05875365b36ff733df
Secunia Security Advisory 46363
Posted Oct 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for dovecot. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system, and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
systems | linux, gentoo
SHA-256 | fc3bd0444c3f608ec2e5e85f1baa10bd0ccab1190697403d9026f93af1b91a0e