[Forgot Password]
Login  Register Subscribe

23631

 
 

123886

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-838-1 -- dovecot vulnerabilities

ID: oval:org.secpod.oval:def:700425Date: (C)2011-05-13   (M)2017-11-27
Class: PATCHFamily: unix




It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the indended access restrictions. This only affected Ubuntu 8.04 LTS. It was discovered that the ManageSieve service in Dovecot incorrectly handled ".." in script names. A remote attacker could exploit this to read and modify arbitrary sieve files on the server. This only affected Ubuntu 8.10. It was discovered that the Sieve plugin in Dovecot incorrectly handled certain sieve scripts. An authenticated user could exploit this with a crafted sieve script to cause a denial of service or possibly execute arbitrary code

Platform:
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product:
dovecot
Reference:
USN-838-1
CVE-2008-4577
CVE-2008-5301
CVE-2009-2632
CVE-2009-3235
CVE    4
CVE-2009-3235
CVE-2008-5301
CVE-2008-4577
CVE-2009-2632
...
CPE    3
cpe:/o:ubuntu:ubuntu_linux:8.04
cpe:/o:ubuntu:ubuntu_linux:8.10
cpe:/o:ubuntu:ubuntu_linux:9.04

© 2013 SecPod Technologies