Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201110-04
HistoryOct 10, 2011 - 12:00 a.m.

Dovecot: Multiple vulnerabilities

2011-10-1000:00:00
Gentoo Foundation
security.gentoo.org
12

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.083 Low

EPSS

Percentile

94.3%

JSON

Background

Dovecot is an IMAP and POP3 server written with security primarily in mind.

Description

Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could exploit these vulnerabilities to cause the remote execution of arbitrary code, or a Denial of Service condition, to conduct directory traversal attacks, corrupt data, or disclose information.

Workaround

There is no known workaround at this time.

Resolution

All Dovecot 1 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.2.17"

All Dovecot 2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.0.13"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 28, 2011. It is likely that your system is already no longer affected by this issue.

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-mail/dovecot< 2.0.13UNKNOWN

Related

openvas 71
nessus 48
securityvulns 6
ubuntu 2
debian 7
oraclelinux 3
redhat 3
centos 2
prion 11
ubuntucve 11
debiancve 10
veracode 6
cve 11
freebsd 2
fedora 5
osv 1
openvas
openvas
Gentoo Security Advisory GLSA 201110-04 (Dovecot)
2012-02-12 00:00:00
Gentoo Security Advisory GLSA 201110-04 (Dovecot)
2012-02-12 00:00:00
Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
2010-11-16 00:00:00
nessus
nessus
GLSA-201110-04 : Dovecot: Multiple vulnerabilities
2011-10-11 00:00:00
Ubuntu 10.04 LTS / 10.10 : dovecot vulnerabilities (USN-1059-1)
2011-02-08 00:00:00
Mandriva Linux Security Advisory : dovecot (MDVSA-2010:217)
2010-11-01 00:00:00
securityvulns
securityvulns
Dovecot multiple security vulnerabilities
2010-11-02 00:00:00
[ MDVSA-2010:217 ] dovecot
2010-11-02 00:00:00
Dovecot weak permissions
2009-12-01 00:00:00
ubuntu
ubuntu
Dovecot vulnerabilities
2011-02-07 00:00:00
Dovecot vulnerability
2011-06-02 00:00:00
debian
debian
BSA-006 Security Update for dovecot
2010-10-13 09:56:59
BSA-006 Security Update for dovecot
2010-10-12 21:45:52
[Backports-security-announce] Security Update for dovecot
2009-12-02 19:11:31
oraclelinux
oraclelinux
dovecot security and enhancement update
2011-05-28 00:00:00
dovecot security and bug fix update
2013-02-22 00:00:00
dovecot security update
2011-08-18 00:00:00
redhat
redhat
(RHSA-2011:0600) Moderate: dovecot security and enhancement update
2011-05-19 00:00:00
(RHSA-2013:0520) Low: dovecot security and bug fix update
2013-02-21 00:00:00
(RHSA-2011:1187) Moderate: dovecot security update
2011-08-18 00:00:00
centos
centos
dovecot security update
2013-02-27 19:34:23
dovecot security update
2011-08-19 12:26:31
prion
prion
Design/Logic Flaw
2010-10-06 21:00:00
Code injection
2010-10-06 21:00:00
Directory traversal
2011-05-24 23:55:00
ubuntucve
ubuntucve
CVE-2010-3779
2010-10-06 00:00:00
CVE-2010-3780
2010-10-06 00:00:00
CVE-2010-3706
2010-10-06 00:00:00
debiancve
debiancve
CVE-2010-3779
2010-10-06 21:00:00
CVE-2010-3780
2010-10-06 21:00:00
CVE-2010-3706
2010-10-06 17:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:01:49
Directory Traversal
2019-05-02 04:53:01
Arbitrary Code Execution
2020-04-10 00:38:24
cve
cve
CVE-2010-3779
2010-10-06 21:00:00
CVE-2010-3780
2010-10-06 21:00:00
CVE-2011-2167
2011-05-24 23:55:00
freebsd
freebsd
dovecot -- Insecure directory permissions
2009-11-20 00:00:00
dovecot -- denial of service vulnerability
2011-05-25 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: dovecot-2.0.13-1.fc15
2011-05-27 20:20:10
[SECURITY] Fedora 13 Update: dovecot-1.2.17-1.fc13
2011-06-11 04:26:39
[SECURITY] Fedora 10 Update: cyrus-imapd-2.3.15-1.fc10
2009-09-24 05:17:25
osv
osv
dovecot - arbitrary code execution
2009-09-23 00:00:00

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.083 Low

EPSS

Percentile

94.3%

JSON
Related for GLSA-201110-04
openvas71nessus48securityvulns6ubuntu2debian7oraclelinux3redhat3centos2prion11ubuntucve11debiancve10veracode6cve11freebsd2fedora5osv1