Ubuntu: Security Advisory (USN-593-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for dovecot FEDORA-2008-2464

Check for the Version of dovecot OpenVAS Vulnerability Test Fedora Update for dovecot FEDORA-2008-2464 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for dovecot FEDORA-2008-2475

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for dovecot FEDORA-2008-2475

Check for the Version of dovecot OpenVAS Vulnerability Test Fedora Update for dovecot FEDORA-2008-2475 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : dovecot vulnerabilities (USN-593-1)

It was discovered that the default configuration of dovecot could allow access to any email files with group 'mail' without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. CVE-2008-1199 ...

USN-593-1: Dovecot vulnerabilities

It was discovered that the default configuration of dovecot could allow access to any email files with group "mail" without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. CVE-2008-1199 ...

Debian: Security Advisory (DSA-1516-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 1516-1 (dovecot)

The remote host is missing an update to dovecot announced via advisory DSA 1516-1. OpenVAS Vulnerability Test $Id: deb15161.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1516-1 dovecot Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Dovecot: Multiple vulnerabilities

Background Dovecot is a lightweight, fast and easy to configure IMAP and POP3 mail server. Description Dovecot uses the group configured via the "mailextragroups" setting, which should be used to create lockfiles in the /var/mail directory, when accessing arbitrary files CVE-2008-1199. Dovecot do...

Debian DSA-1516-1 : dovecot - privilege escalation

Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory on the server for example, through an SSH login could read and also delete via a symbolic link mailboxes...

Dovecot IMAP 1.0.10 <= 1.1rc2 Remote Email Disclosure Exploit

No description provided by source. lame Dovecot IMAP 1.0.10 - 1.1rc3 Exploit Here's an exploit for the recent TAB vulnerability in Dovecot. It's nothing special since in the wild there are few to none targets because of the special option which has to be set. see CVE Entry CVE-2008-1218 Exploit...

[SECURITY] [DSA 1516-1] New dovecot packages fix privilege escalation

---------------------------------------------------------------------- Debian Security Advisory DSA-1516-1 [email protected] http://www.debian.org/security/ Florian Weimer March 14, 2008 http://www.debian.org/security/faq - ----------------------------------------------------------------------...

Dovecot IMAP 1.0.10 1.1rc2 - Remote Email Disclosure

Dovecot IMAP 1.0.10 1.1rc2 - Remote Email Disclosure lame Dovecot IMAP 1.0.10 - 1.1rc3 Exploit Here's an exploit for the recent TAB vulnerability in Dovecot. It's nothing special since in the wild there are few to none targets because of the special option which has to be set. see CVE Entry...

DSA-1516-1 dovecot - privilege escalation

Bulletin has no description...

CVE-2008-1218

creationtimestamp| type| source ---|---|--- 2008-03-14 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/5257...

Dovecot IMAP 1.0.10 < 1.1rc2 - Remote Email Disclosure

lame Dovecot IMAP 1.0.10 - 1.1rc3 Exploit Here's an exploit for the recent TAB vulnerability in Dovecot. It's nothing special since in the wild there are few to none targets because of the special option which has to be set. see CVE Entry CVE-2008-1218 Exploit written by Kingcope import sys impor...

Fedora 8 : dovecot-1.0.13-6.fc8 (2008-2464)

This update upgrades dovecot from version 1.0.10 to 1.0.13. Besides bug fixes, two security issues were fixed upstream in version 1.0.11 and 1.0.13. CVE-2008-1199 If Dovecot was configured with mailextragroups = mail, users having shell access to IMAP server could use this flaw to read, modify or...

CVE-2008-1218

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skippasswordcheck field t...

CVE-2008-1218

CVE-2008-1218 describes an argument injection vulnerability in Dovecot when using blocking passdbs. The issue occurs because passwords containing TAB characters are treated as argument delimiters, enabling the skip_password_check field to be set and bypass password verification. Affected are Dove...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1218. Reason: This candidate is a duplicate of CVE-2008-1218. Notes: All CVE users should reference CVE-2008-1218 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...