Download
| Alert*
|
oval:org.secpod.oval:def:602850
The Dovecot update issued as DSA-3828-1 introduced a regression, this update reverts the backported patch. Further analysis by the Dovecot team has shown that only versions starting from 2.2.26 are affected. For reference, the original advisory text follows. It was discovered that the Dovecot email ... oval:org.secpod.oval:def:601567 dovecot-dev is installed oval:org.secpod.oval:def:600540 It was discovered that the message header parser in the Dovecot mail server parsed NUL characters incorrectly, which could lead to denial of service through malformed mail headers. The oldstable distribution is not affected. oval:org.secpod.oval:def:69845 Several vulnerabilities have been discovered in the dovecot-dev email server. CVE-2020-24386 When imap hibernation is active, an attacker can cause dovecot-dev to discover file system directory structures and access other users" emails via specially crafted commands. CVE-2020-25275 Innokentii Senno ... oval:org.secpod.oval:def:1901889 assert in JSON encoder oval:org.secpod.oval:def:602847 It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the "dict" passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through var_expand to perform %variable expansion. Sending specially crafted %v ... oval:org.secpod.oval:def:603296 Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and "flxflndy" discovered that Dovecot does not properly parse invalid email addresses, which m ... oval:org.secpod.oval:def:603836 A vulnerability was discovered in the Dovecot email server. When reading FTS or POP3-UIDL headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes, can take advantage of this flaw for privilege escalation or the execution of ... oval:org.secpod.oval:def:603628 halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else in ... oval:org.secpod.oval:def:707625 dovecot: IMAP and POP3 email server Dovecot could allow unintended access to network services. |
