Red Hat Local Security Checks : RedHat Update for dovecot RHSA-2014:0790-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.871195

Categoría: Red Hat Local Security Checks

Título: RedHat Update for dovecot RHSA-2014:0790-01

Resumen: The remote host is missing an update for the 'dovecot'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'dovecot'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Dovecot is an IMAP server, written with security primarily in mind, for
Linux and other UNIX-like systems. It also contains a small POP3 server.
It supports mail in both the maildir or mbox format. The SQL drivers and
authentication plug-ins are provided as subpackages.

It was discovered that Dovecot did not properly discard connections trapped
in the SSL/TLS handshake phase. A remote attacker could use this flaw to
cause a denial of service on an IMAP/POP3 server by exhausting the pool of
available connections and preventing further, legitimate connections to the
IMAP/POP3 server to be made. (CVE-2014-3430)

All dovecot users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the dovecot service will be restarted automatically.

Affected Software/OS:
dovecot on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3430
BugTraq ID: 67306
http://www.securityfocus.com/bid/67306
Debian Security Information: DSA-2954 (Google Search)
http://www.debian.org/security/2014/dsa-2954
http://www.mandriva.com/security/advisories?name=MDVSA-2015:113
http://dovecot.org/pipermail/dovecot-news/2014-May/000273.html
http://permalink.gmane.org/gmane.mail.imap.dovecot/77499
http://www.openwall.com/lists/oss-security/2014/05/09/4
http://www.openwall.com/lists/oss-security/2014/05/09/8
RedHat Security Advisories: RHSA-2014:0790
http://rhn.redhat.com/errata/RHSA-2014-0790.html
http://secunia.com/advisories/59051
http://secunia.com/advisories/59537
http://secunia.com/advisories/59552
http://www.ubuntu.com/usn/USN-2213-1

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.871195
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for dovecot RHSA-2014:0790-01
Resumen:	The remote host is missing an update for the 'dovecot'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'dovecot' package(s) announced via the referenced advisory. Vulnerability Insight: Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in both the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. It was discovered that Dovecot did not properly discard connections trapped in the SSL/TLS handshake phase. A remote attacker could use this flaw to cause a denial of service on an IMAP/POP3 server by exhausting the pool of available connections and preventing further, legitimate connections to the IMAP/POP3 server to be made. (CVE-2014-3430) All dovecot users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the dovecot service will be restarted automatically. Affected Software/OS: dovecot on Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Server (v. 7), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3430 BugTraq ID: 67306 http://www.securityfocus.com/bid/67306 Debian Security Information: DSA-2954 (Google Search) http://www.debian.org/security/2014/dsa-2954 http://www.mandriva.com/security/advisories?name=MDVSA-2015:113 http://dovecot.org/pipermail/dovecot-news/2014-May/000273.html http://permalink.gmane.org/gmane.mail.imap.dovecot/77499 http://www.openwall.com/lists/oss-security/2014/05/09/4 http://www.openwall.com/lists/oss-security/2014/05/09/8 RedHat Security Advisories: RHSA-2014:0790 http://rhn.redhat.com/errata/RHSA-2014-0790.html http://secunia.com/advisories/59051 http://secunia.com/advisories/59537 http://secunia.com/advisories/59552 http://www.ubuntu.com/usn/USN-2213-1
Copyright	Copyright (C) 2014 Greenbone AG