English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.68317
Categoría:Mandrake Local Security Checks
Título:Mandriva Security Advisory MDVSA-2010:217 (dovecot)
Resumen:NOSUMMARY
Descripción:Description:
The remote host is missing an update to dovecot
announced via advisory MDVSA-2010:217.

Multiple vulnerabilities was discovered and corrected in dovecot:

Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin
permission to the owner of each mailbox in a non-public namespace,
which might allow remote authenticated users to bypass intended access
restrictions by changing the ACL of a mailbox, as demonstrated by a
symlinked shared mailbox (CVE-2010-3779).

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to
cause a denial of service (master process outage) by simultaneously
disconnecting many (1) IMAP or (2) POP3 sessions (CVE-2010-3780).

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to
newly created mailboxes in certain configurations, which might allow
remote attackers to read mailboxes that have unintended weak ACLs
(CVE-2010-3304).

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15
and 2.0.x before 2.0.5 interprets an ACL entry as a directive to
add to the permissions granted by another ACL entry, instead of a
directive to replace the permissions granted by another ACL entry,
in certain circumstances involving the private namespace of a user,
which allows remote authenticated users to bypass intended access
restrictions via a request to read or modify a mailbox (CVE-2010-3706).

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and
2.0.x before 2.0.5 interprets an ACL entry as a directive to add to
the permissions granted by another ACL entry, instead of a directive
to replace the permissions granted by another ACL entry, in certain
circumstances involving more specific entries that occur after less
specific entries, which allows remote authenticated users to bypass
intended access restrictions via a request to read or modify a mailbox
(CVE-2010-3707).

This advisory provides dovecot 1.2.15 which is not vulnerable to
these issues

Affected: 2010.0, 2010.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:217

Risk factor : High

CVSS Score:
6.4

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3779
http://www.mandriva.com/security/advisories?name=MDVSA-2010:217
http://www.dovecot.org/list/dovecot/2010-October/053452.html
http://www.dovecot.org/list/dovecot/2010-October/053450.html
http://secunia.com/advisories/43220
http://www.ubuntu.com/usn/USN-1059-1
http://www.vupen.com/english/advisories/2010/2840
http://www.vupen.com/english/advisories/2011/0301
Common Vulnerability Exposure (CVE) ID: CVE-2010-3780
http://www.redhat.com/support/errata/RHSA-2011-0600.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-3304
41964
http://www.securityfocus.com/bid/41964
43220
ADV-2010-2840
ADV-2011-0301
MDVSA-2010:217
SUSE-SR:2010:017
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
USN-1059-1
[dovecot-news] 20100724 v1.2.13 released
http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
[oss-security] 20100916 CVE-identifier request for Dovecot ACL security bug
http://www.openwall.com/lists/oss-security/2010/09/16/14
[oss-security] 20100916 Re: CVE-identifier request for Dovecot ACL security bug
http://www.openwall.com/lists/oss-security/2010/09/16/17
Common Vulnerability Exposure (CVE) ID: CVE-2010-3706
ADV-2010-2572
http://www.vupen.com/english/advisories/2010/2572
SUSE-SR:2010:020
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0
[dovecot] 20101002 v1.2.15 released
[dovecot] 20101002 v2.0.5 released
http://www.dovecot.org/list/dovecot/2010-October/053451.html
[oss-security] 20101004 CVE Request: more dovecot ACL issues
http://marc.info/?l=oss-security&m=128620520732377&w=2
[oss-security] 20101004 Re: CVE Request: more dovecot ACL issues
http://marc.info/?l=oss-security&m=128622064325688&w=2
Common Vulnerability Exposure (CVE) ID: CVE-2010-3707
RHSA-2011:0600
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.