[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-838-1 -- dovecot vulnerabilities

ID: oval:org.secpod.oval:def:700425Date: (C)2011-05-13   (M)2024-01-23
Class: PATCHFamily: unix




It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the indended access restrictions. This only affected Ubuntu 8.04 LTS. It was discovered that the ManageSieve service in Dovecot incorrectly handled ".." in script names. A remote attacker could exploit this to read and modify arbitrary sieve files on the server. This only affected Ubuntu 8.10. It was discovered that the Sieve plugin in Dovecot incorrectly handled certain sieve scripts. An authenticated user could exploit this with a crafted sieve script to cause a denial of service or possibly execute arbitrary code

Platform:
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product:
dovecot
Reference:
USN-838-1
CVE-2008-4577
CVE-2008-5301
CVE-2009-2632
CVE-2009-3235
CVE    4
CVE-2008-5301
CVE-2008-4577
CVE-2009-3235
CVE-2009-2632
...
CPE    3
cpe:/o:ubuntu:ubuntu_linux:8.04
cpe:/o:ubuntu:ubuntu_linux:8.10
cpe:/o:ubuntu:ubuntu_linux:9.04

© SecPod Technologies