2 matches found
USN-387-1: Dovecot vulnerability
Dovecot was discovered to have an error when handling its index cache files. This error could be exploited by authenticated POP and IMAP users to cause a crash of the Dovecot server, or possibly to execute arbitrary code. Only servers using the non-default option "mmapdisable=yes" were vulnerable...
Dovecot IMAP/POP3 server: Off-by-one buffer overflow
Version: 1.0test53 .. 1.0.rc14 ie. all 1.0alpha, 1.0beta and 1.0rc versions in the middle. 0.99.x versions are safe they don't even have mmapdisable setting. Problem: When mmapdisable=yes setting is used not default, dovecot.index.cache file is read to memory using "file cache" code. It contains ...