Test Kennung:	1.3.6.1.4.1.25623.1.0.60588
Kategorie:	Gentoo Local Security Checks
Titel:	Gentoo Security Advisory GLSA 200803-25 (dovecot)
Zusammenfassung:	The remote host is missing updates announced in;advisory GLSA 200803-25.
Beschreibung:	Summary: The remote host is missing updates announced in advisory GLSA 200803-25. Vulnerability Insight: Two vulnerabilities in Dovecot allow for information disclosure and argument injection. Solution: All Dovecot users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-mail/dovecot-1.0.13-r1' This version removes the 'mail_extra_groups' option and introduces a 'mail_privileged_group' setting which is handled safely. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1199 BugTraq ID: 28092 http://www.securityfocus.com/bid/28092 Bugtraq: 20080304 Dovecot mail_extra_groups setting is often used insecurely (Google Search) http://www.securityfocus.com/archive/1/489133/100/0/threaded Debian Security Information: DSA-1516 (Google Search) http://www.debian.org/security/2008/dsa-1516 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html http://security.gentoo.org/glsa/glsa-200803-25.xml http://www.dovecot.org/list/dovecot-news/2008-March/000061.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10739 http://www.redhat.com/support/errata/RHSA-2008-0297.html http://secunia.com/advisories/29226 http://secunia.com/advisories/29385 http://secunia.com/advisories/29396 http://secunia.com/advisories/29557 http://secunia.com/advisories/30342 http://secunia.com/advisories/32151 SuSE Security Announcement: SUSE-SR:2008:020 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html https://usn.ubuntu.com/593-1/ XForce ISS Database: dovecot-mailextragroups-unauth-access(41009) https://exchange.xforce.ibmcloud.com/vulnerabilities/41009 Common Vulnerability Exposure (CVE) ID: CVE-2008-1218 BugTraq ID: 28181 http://www.securityfocus.com/bid/28181 Bugtraq: 20080312 rPSA-2008-0108-1 dovecot (Google Search) http://www.securityfocus.com/archive/1/489481/100/0/threaded https://www.exploit-db.com/exploits/5257 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108 http://www.dovecot.org/list/dovecot-news/2008-March/000064.html http://www.dovecot.org/list/dovecot-news/2008-March/000065.html http://secunia.com/advisories/29295 http://secunia.com/advisories/29364 XForce ISS Database: dovecot-tab-authentication-bypass(41085) https://exchange.xforce.ibmcloud.com/vulnerabilities/41085
Copyright	Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.