Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:BSA-006:01E4A
HistoryOct 12, 2010 - 9:45 p.m.

BSA-006 Security Update for dovecot

2010-10-1221:45:52
lists.debian.org
4
JSON

Marco Nenciarini uploaded new packages for dovecot which fixed the
following security problems:

CVE-2010-3706
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and
2.0.x before 2.0.5 interprets an ACL entry as a directive to add to
the permissions granted by another ACL entry, instead of a directive
to replace the permissions granted by another ACL entry, in certain
circumstances involving the private namespace of a user, which allows
remote authenticated users to bypass intended access restrictions via
a request to read or modify a mailbox.

https://vulners.com/cve/CVE-2010-3706

CVE-2010-3707
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and
2.0.x before 2.0.5 interprets an ACL entry as a directive to add to
the permissions granted by another ACL entry, instead of a directive
to replace the permissions granted by another ACL entry, in certain
circumstances involving more specific entries that occur after less
specific entries, which allows remote authenticated users to bypass
intended access restrictions via a request to read or modify a
mailbox.

https://vulners.com/cve/CVE-2010-3707

CVE-2010-3779
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the
admin permission to the owner of each mailbox in a non-public
namespace, which might allow remote authenticated users to bypass
intended access restrictions by changing the ACL of a mailbox, as
demonstrated by a symlinked shared mailbox.

https://vulners.com/cve/CVE-2010-3779

CVE-2010-3780
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to
cause a denial of service (master process outage) by simultaneously
disconnecting many (1) IMAP or (2) POP3 sessions.

https://vulners.com/cve/CVE-2010-3780

For the lenny-backports distribution the problems have been fixed in
version 1.2.15-1~bpo50+1.

For the current testing (squeeze) and unstable (sid) distributions, the
problem has been fixed in version 1.2.15-1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.debian.org/Instructions&gt;

We recommend to pin the backports repository to 200 so that new
versions of installed backports will be installed automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200

OSVersionArchitecturePackageVersionFilename
Debian999alldovecot< 1.2.15-1dovecot_1.2.15-1_all.deb
Debian6alldovecot< 1.2.15-1dovecot_1.2.15-1_all.deb

Related

debian 1
ubuntu 1
securityvulns 2
openvas 9
nessus 8
oraclelinux 1
redhat 1
gentoo 1
debiancve 4
cve 4
prion 4
ubuntucve 4
veracode 2
debian
debian
BSA-006 Security Update for dovecot
2010-10-13 09:56:59
ubuntu
ubuntu
Dovecot vulnerabilities
2011-02-07 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:217 ] dovecot
2010-11-02 00:00:00
Dovecot multiple security vulnerabilities
2010-11-02 00:00:00
openvas
openvas
Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
2010-11-16 00:00:00
Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
2010-11-16 00:00:00
Ubuntu: Security Advisory (USN-1059-1)
2011-02-11 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 10.10 : dovecot vulnerabilities (USN-1059-1)
2011-02-08 00:00:00
Mandriva Linux Security Advisory : dovecot (MDVSA-2010:217)
2010-11-01 00:00:00
Oracle Linux 6 : dovecot (ELSA-2011-0600)
2023-09-07 00:00:00
oraclelinux
oraclelinux
dovecot security and enhancement update
2011-05-28 00:00:00
redhat
redhat
(RHSA-2011:0600) Moderate: dovecot security and enhancement update
2011-05-19 00:00:00
gentoo
gentoo
Dovecot: Multiple vulnerabilities
2011-10-10 00:00:00
debiancve
debiancve
CVE-2010-3779
2010-10-06 21:00:00
CVE-2010-3780
2010-10-06 21:00:00
CVE-2010-3706
2010-10-06 17:00:00
cve
cve
CVE-2010-3779
2010-10-06 21:00:00
CVE-2010-3780
2010-10-06 21:00:00
CVE-2010-3706
2010-10-06 17:00:00
prion
prion
Design/Logic Flaw
2010-10-06 21:00:00
Code injection
2010-10-06 21:00:00
Cross site request forgery (csrf)
2010-10-06 17:00:00
ubuntucve
ubuntucve
CVE-2010-3779
2010-10-06 00:00:00
CVE-2010-3706
2010-10-06 00:00:00
CVE-2010-3780
2010-10-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:01:49
Access Control Bypass
2020-04-10 01:01:49
JSON
Related for DEBIAN:BSA-006:01E4A
debian1ubuntu1securityvulns2openvas9nessus8oraclelinux1redhat1gentoo1debiancve4cve4prion4ubuntucve4veracode2