Lucene search
UbuntuUSN-3881-1HistoryFeb 05, 2019 - 12:00 a.m.
Dovecot vulnerability
2019-02-0500:00:00
ubuntu.com
38
Releases
- Ubuntu 18.10
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- dovecot - IMAP and POP3 email server
Details
It was discovered that Dovecot incorrectly handled client certificates. A
remote attacker in possession of a valid certificate with an empty username
field could possibly use this issue to impersonate other users.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.10 | noarch | dovecot-core | < 1:2.3.2.1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | dovecot-auth-lua | < 1:2.3.2.1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | dovecot-auth-lua-dbgsym | < 1:2.3.2.1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | dovecot-core-dbgsym | < 1:2.3.2.1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | dovecot-dev | < 1:2.3.2.1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | dovecot-gssapi | < 1:2.3.2.1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | dovecot-gssapi-dbgsym | < 1:2.3.2.1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | dovecot-imapd | < 1:2.3.2.1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | dovecot-imapd-dbgsym | < 1:2.3.2.1-1ubuntu3.1 | UNKNOWN |
| Ubuntu | 18.10 | noarch | dovecot-ldap | < 1:2.3.2.1-1ubuntu3.1 | UNKNOWN |
References
Related
nessus
nessus
FreeBSD : mail/dovecot -- Suitable client certificate can be used to login as other user (1340fcc1-2953-11e9-bc44-a4badb296695)
2019-02-06 00:00:00
RHEL 8 : dovecot (RHSA-2019:3467)
2019-11-06 00:00:00
SUSE SLES15 Security Update : dovecot23 (SUSE-SU-2019:0414-1)
2019-02-19 00:00:00
prion
prion
Code injection
2019-03-27 13:29:00
openvas
openvas
openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2019:0243-1)
2019-02-26 00:00:00
Mageia: Security Advisory (MGASA-2019-0072)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4385-1)
2019-02-04 00:00:00
ubuntu
ubuntu
Dovecot vulnerability
2019-02-05 00:00:00
veracode
veracode
Improper Certificate Validation
2019-11-06 00:20:57
archlinux
archlinux
[ASA-201902-1] dovecot: authentication bypass
2019-02-06 00:00:00
mageia
mageia
Updated dovecot packages fix security vulnerability
2019-02-13 14:08:25
alpinelinux
alpinelinux
CVE-2019-3814
2019-03-27 13:29:00
redhat
redhat
(RHSA-2019:3467) Moderate: dovecot security and bug fix update
2019-11-05 17:48:59
(RHSA-2020:1062) Moderate: dovecot security and bug fix update
2020-03-31 09:14:07
debian
debian
[SECURITY] [DLA 1667-1] dovecot security update
2019-02-07 17:22:08
[SECURITY] [DSA 4385-1] dovecot security update
2019-02-05 16:34:49
[SECURITY] [DSA 4385-1] dovecot security update
2019-02-05 16:34:36
cve
cve
CVE-2019-3814
2019-03-27 13:29:00
ubuntucve
ubuntucve
CVE-2019-3814
2019-02-05 00:00:00
freebsd
freebsd
redhatcve
redhatcve
CVE-2019-3814
2019-02-07 13:49:38
osv
osv
CVE-2019-3814
2019-03-27 13:29:01
dovecot - security update
2019-02-07 00:00:00
dovecot - security update
2019-02-05 00:00:00
suse
suse
Security update for dovecot23 (moderate)
2019-02-26 00:00:00
Security update for dovecot22 (important)
2019-04-17 00:00:00
hackerone
hackerone
Open-Xchange: Username restriction bypass with SSL client authentication
2019-01-16 12:58:11
cvelist
cvelist
CVE-2019-3814
2019-03-27 12:20:45
debiancve
debiancve
CVE-2019-3814
2019-03-27 13:29:00
amazon
amazon
Medium: dovecot
2020-05-08 19:50:00
Medium: dovecot
2020-08-18 19:26:00
oraclelinux
oraclelinux
dovecot security and bug fix update
2019-11-14 00:00:00
dovecot security and bug fix update
2020-04-06 00:00:00
gentoo
gentoo
Dovecot: Multiple vulnerabilities
2019-04-17 00:00:00
centos
centos
dovecot security update
2020-04-08 17:53:35
fedora
fedora
[SECURITY] Fedora 29 Update: dovecot-2.3.6-3.fc29
2019-07-12 06:17:31
[SECURITY] Fedora 30 Update: dovecot-2.3.6-3.fc30
2019-06-14 00:55:11