Lucene search
UbuntuUSN-1295-1HistoryDec 08, 2011 - 12:00 a.m.
Dovecot vulnerability
2011-12-0800:00:00
ubuntu.com
27
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.2 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.3%
Releases
- Ubuntu 11.10
Packages
- dovecot - IMAP and POP3 email server
Details
It was discovered that Dovecot incorrectly validated certificate hostnames
when being used as a POP3 and IMAP proxy. If a remote attacker were able to
perform a machine-in-the-middle attack, this flaw could be exploited to view
sensitive information.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 11.10 | noarch | dovecot-common | < 1:2.0.13-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | dovecot-dbg | < 1:2.0.13-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | dovecot-dev | < 1:2.0.13-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | dovecot-gssapi | < 1:2.0.13-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | dovecot-imapd | < 1:2.0.13-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | dovecot-ldap | < 1:2.0.13-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | dovecot-lmtpd | < 1:2.0.13-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | dovecot-managesieved | < 1:2.0.13-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | dovecot-mysql | < 1:2.0.13-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | dovecot-pgsql | < 1:2.0.13-1ubuntu3.2 | UNKNOWN |
References
Related
openvas
openvas
Ubuntu: Security Advisory (USN-1295-1)
2012-03-16 00:00:00
Dovecot 2.0.x < 2.0.16 Man In The Middle Vulnerability
2019-12-30 00:00:00
Ubuntu Update for dovecot USN-1295-1
2012-03-16 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-05-02 04:53:01
debiancve
debiancve
CVE-2011-4318
2013-03-07 01:55:01
nessus
nessus
Ubuntu 11.10 : dovecot vulnerability (USN-1295-1)
2011-12-09 00:00:00
openSUSE Security Update : dovecot20 (openSUSE-2011-88)
2014-06-13 00:00:00
openSUSE Security Update : dovecot20 (openSUSE-SU-2012:0219-1)
2014-06-13 00:00:00
cve
cve
CVE-2011-4318
2013-03-07 01:55:01
securityvulns
securityvulns
[USN-1295-1] Dovecot vulnerability
2011-12-12 00:00:00
Dovecot insufficient SSL certificates validation
2011-12-12 00:00:00
cvelist
cvelist
CVE-2011-4318
2013-03-07 01:00:00
ubuntucve
ubuntucve
CVE-2011-4318
2011-11-18 00:00:00
nvd
nvd
CVE-2011-4318
2013-03-07 01:55:01
prion
prion
Code injection
2013-03-07 01:55:00
centos
centos
dovecot security update
2013-02-27 19:34:23
redhat
redhat
(RHSA-2013:0520) Low: dovecot security and bug fix update
2013-02-21 00:00:00
oraclelinux
oraclelinux
dovecot security and bug fix update
2013-02-22 00:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.2 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.3%
Related for USN-1295-1