Red Hat Security Advisory 2022-8219-01 - Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Issues addressed include a buffer overflow vulnerability.
fefbdd46533f31ed13f8f99f50cde55d7df767b954e1842332f8cf2d52392e38Red Hat Security Advisory 2022-8208-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a privilege escalation vulnerability.
1c058e83ddb123ad31ada14507e1f3dd3a47def167186e8200331dc747993688Red Hat Security Advisory 2022-7623-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a privilege escalation vulnerability.
b179fbf11c0921bcf24d4d4ab71f281c6b8c8d9b3c9c355b2c652a2687e77864Red Hat Security Advisory 2022-7640-01 - Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Issues addressed include a buffer overflow vulnerability.
93bb58cc025203cb3fd5abcf648849004767f0081e36e801c3133795e36a1123THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
c906e2dd959da7ea192861bc4bccddfed9bc1799826f7600255f57160fd765f8Dovecot IMAP server version 2.2 suffers from a privilege escalation vulnerability. When two passdb configuration entries exist in the Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation with certain configurations involving master user authentication.
c9c1a6dcc53febbada1b722a950a737522f4c2987b34eb7b27226ddd2a58c66bRed Hat Security Advisory 2022-1950-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.
c96d5111f5070a5af8936a5b285732d58b1ba5c094025f86d272acb9af844c39Debian Linux Security Advisory 5066-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service.
06fe6a239e4a0b70fe9ff726baf6486b9f36b1ff6318001480327005363f19d9THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
3977221a7eb176cd100298c6d47939999a920a628868ae1aceed408a21e04013Debian Linux Security Advisory 5037-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to perform Cross-Side Scripting (XSS) attacks.
3cfd37c51848a3388ff17f5e35ac72a031f6545fee19d28d0c674f22610b9162Debian Linux Security Advisory 5013-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize requests and mail messages. This would allow an attacker to perform Cross-Side Scripting (XSS) or SQL injection attacks.
a03a03eab4188f259316a76f031e24b205af8e66667b567c402a33759e43f75aRed Hat Security Advisory 2021-4181-03 - Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Issues addressed include a memory leak vulnerability.
f637abbe05b01eb8ecdc9dab201e7c132c21c24013b36468c1d62133ed476d79Red Hat Security Advisory 2021-3546-01 - The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Issues addressed include a denial of service vulnerability.
f906598321e1f6eb52920261111c9632db38f848be1dac81ce1c97c946db901bRed Hat Security Advisory 2021-3492-01 - The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Issues addressed include a denial of service vulnerability.
43f8d9b01207dfa0d24b4cf764fa6d29dbe280a0e6ebb6265c1f1fdee7b31282Red Hat Security Advisory 2021-3493-01 - The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Issues addressed include a denial of service vulnerability.
df5df5a67956e4c3f6b317fc69d22d4f177a767e0113d518d0c06f4225ab743dUbuntu Security Notice 5058-1 - It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS handshake. A person-in-the-middle could potentially exploit this to trick Thunderbird into showing incorrect information. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
d439dc830ff759d365c01af29919212afc94c2f9e8414adca8c017e63f81126fRed Hat Security Advisory 2021-1887-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a denial of service vulnerability.
045796f3b8418b5d1ac6859ee2713ae9bc1a6fe4c33f84ee2b09f1874015aaf9THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
1a28f064763f9144f8ec574416a56ef51c0ab1ae2276e35a89ceed4f594ec5d2Dovecot versions 2.2.26 through 2.3.11.3 suffer from a bypass issue. When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using a specially crafted command. The attacker must have valid credentials to access the mail server.
5e5468067fc35516788b52ac2a4e75207c4c6d4b1f0ea93176e970b293daf7d6Ubuntu Security Notice 4674-1 - It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users' email. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.
a6fb24566e34ca33892166efc08d56441a09b26e354fd4b998d65c1ffc7d4c66Debian Linux Security Advisory 4821-1 - Alex Birnberg discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling HTML or Plain text messages with malicious content.
767561724a53319077d3cdf5d57e9f5904fcd9eb4ae9dc5d7a3475c8e8af11f2Red Hat Security Advisory 2020-4763-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include denial of service and use-after-free vulnerabilities.
95023ee6ccfb4930ceec503cc37701c443c932cfb1c4e11e4b4e377d760694eaRed Hat Security Advisory 2020-4655-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Issues addressed include bypass and privilege escalation vulnerabilities.
351b1e471e4038244a22555e9ae5e3516d9d76c701f6e5c112212a28d3c5a7d5Ubuntu Security Notice 4598-1 - It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.
d19bb3d7c5778cad2232b0d3f1d4767258f76d7dff5b87c5147ddaeec6110b97Ubuntu Security Notice 4566-1 - It was discovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. It was discovered that the Cyrus IMAP Server allow users to create any mailbox with administrative privileges. A local attacker could use this to obtain sensitive information. Various other issues were also addressed.
b29e714d866e6ec6075866950847cbd51cb8d46269dd8a4d6182d91d2d346043
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed