FreeBSD Local Security Checks : FreeBSD Ports: dovecot

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61916

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: dovecot

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: dovecot

CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights
as if they are positive access rights, which allows attackers to
bypass intended access restrictions.
CVE-2008-4578
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass
intended access restrictions by using the 'k' right to create
unauthorized 'parent/child/child' mailboxes.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-4577
31587
http://www.securityfocus.com/bid/31587
32164
http://secunia.com/advisories/32164
32471
http://secunia.com/advisories/32471
33149
http://secunia.com/advisories/33149
33624
http://secunia.com/advisories/33624
36904
http://secunia.com/advisories/36904
ADV-2008-2745
http://www.vupen.com/english/advisories/2008/2745
FEDORA-2008-9202
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html
FEDORA-2008-9232
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html
GLSA-200812-16
http://security.gentoo.org/glsa/glsa-200812-16.xml
MDVSA-2008:232
http://www.mandriva.com/security/advisories?name=MDVSA-2008:232
RHSA-2009:0205
http://www.redhat.com/support/errata/RHSA-2009-0205.html
SUSE-SR:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
USN-838-1
http://www.ubuntu.com/usn/USN-838-1
[Dovecot-news] 20081005 v1.1.4 released
http://www.dovecot.org/list/dovecot-news/2008-October/000085.html
http://bugs.gentoo.org/show_bug.cgi?id=240409
oval:org.mitre.oval:def:10376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376
Common Vulnerability Exposure (CVE) ID: CVE-2008-4578
20081119 Re: [ MDVSA-2008:232 ] dovecot
http://www.securityfocus.com/archive/1/498498/100/0/threaded
dovecot-acl-mailbox-security-bypass(45669)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45669

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61916
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: dovecot
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: dovecot CVE-2008-4577 The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. CVE-2008-4578 The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the 'k' right to create unauthorized 'parent/child/child' mailboxes. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4577 31587 http://www.securityfocus.com/bid/31587 32164 http://secunia.com/advisories/32164 32471 http://secunia.com/advisories/32471 33149 http://secunia.com/advisories/33149 33624 http://secunia.com/advisories/33624 36904 http://secunia.com/advisories/36904 ADV-2008-2745 http://www.vupen.com/english/advisories/2008/2745 FEDORA-2008-9202 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html FEDORA-2008-9232 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html GLSA-200812-16 http://security.gentoo.org/glsa/glsa-200812-16.xml MDVSA-2008:232 http://www.mandriva.com/security/advisories?name=MDVSA-2008:232 RHSA-2009:0205 http://www.redhat.com/support/errata/RHSA-2009-0205.html SUSE-SR:2009:004 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html USN-838-1 http://www.ubuntu.com/usn/USN-838-1 [Dovecot-news] 20081005 v1.1.4 released http://www.dovecot.org/list/dovecot-news/2008-October/000085.html http://bugs.gentoo.org/show_bug.cgi?id=240409 oval:org.mitre.oval:def:10376 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376 Common Vulnerability Exposure (CVE) ID: CVE-2008-4578 20081119 Re: [ MDVSA-2008:232 ] dovecot http://www.securityfocus.com/archive/1/498498/100/0/threaded dovecot-acl-mailbox-security-bypass(45669) https://exchange.xforce.ibmcloud.com/vulnerabilities/45669
Copyright	Copyright (C) 2008 E-Soft Inc.