Oracle Linux 6 : dovecot (ELSA-2011-0600)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0600 advisory. 2.0.9-2 - fix issues and assert crashes found in 2.0.9 lmtp,dotlock,zlib 2.0.9-1 - dovecot updated to 2.0.9 - fixed a high system CPU usage / high...

CVE-2010-3780

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service master process outage by simultaneously disconnecting many 1 IMAP or 2 POP3 sessions...

CVE-2010-3780

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service master process outage by simultaneously disconnecting many 1 IMAP or 2 POP3 sessions...

CVE-2010-3780

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service master process outage by simultaneously disconnecting many 1 IMAP or 2 POP3 sessions...

Cross site request forgery (csrf)

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving...

CVE-2010-3780

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service master process outage by simultaneously disconnecting many 1 IMAP or 2 POP3 sessions...

CVE-2010-0745

CVE-2010-0745 affects Dovecot 1.2.x prior to 1.2.11. An unspecified vulnerability allows remote attackers to cause a denial of service (CPU usage) by sending e-mails with long headers. Public sources (Mandriva/SUSE advisories and related OpenVAS entries) indicate upgrading to Dovecot 1.2.11 or ne...

CVE-2009-3897

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the basedir directory, and possibly the basedir directory...

CVE-2008-5301

CVE-2008-5301 affects the Dovecot ManageSieve component with versions 1.0.15, 1.1, and 1.2. The vulnerability is a directory traversal: an attacker can supply a script name containing ".." to read and modify arbitrary .sieve files on the server. This is the explicit root cause identified in the c...