Download
| Alert*
oval:org.secpod.oval:def:503580
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:54109 dovecot: IMAP and POP3 email server Dovecot could be made to crash or run programs as an administrator if it opened a specially crafted file. oval:org.secpod.oval:def:70625 A vulnerability was discovered in the Dovecot email server. When reading FTS or POP3-UIDL headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes, can take advantage of this flaw for privilege escalation or the execution of ... oval:org.secpod.oval:def:89003193 This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation . - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication . Other issue fi ... oval:org.secpod.oval:def:116838 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:1601131 In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. It was discovered that Dovecot before versions 2.2.36.1 an ... oval:org.secpod.oval:def:116759 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:603836 A vulnerability was discovered in the Dovecot email server. When reading FTS or POP3-UIDL headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes, can take advantage of this flaw for privilege escalation or the execution of ... oval:org.secpod.oval:def:704861 dovecot: IMAP and POP3 email server Dovecot could be made to crash or run programs as an administrator if it opened a specially crafted file. oval:org.secpod.oval:def:205525 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:1700381 In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. It was discovered that Dovecot before versions 2.2.36.1 an ... oval:org.secpod.oval:def:1504402 [1:2.2.36-6] - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes [1:2.2.36-5] - fix CVE-2019-3814: improper certificate validation - fix CVE-2019-7524: buffer overflow in indexer-worker proce ... |