Test ID:	1.3.6.1.4.1.25623.1.0.122524
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2009-0205)
Summary:	The remote host is missing an update for the 'dovecot' package(s) announced via the ELSA-2009-0205 advisory.
Description:	Summary: The remote host is missing an update for the 'dovecot' package(s) announced via the ELSA-2009-0205 advisory. Vulnerability Insight: [1.0.7-7] - permissions of deliver and dovecot.conf from 1.0.7-5 reverted - password can be stored in different file readable only for root now - Resolves: #436287, CVE-2008-4870 [1.0.7-6] - added missing directory in file list - Resolves: #436287 [1.0.7-5] - change permissions of deliver and dovecot.conf to prevent possible password ex posure - Resolves: #436287 [1.0.7-4] - fix handling of negative rights in the ACL plugin - Resolves: #469015, CVE-2008-4577 [1.0.7-3] - fix package ownership for /etc/pki/dovecot/private (#448089) - update init script (#238016) - ask for SSL cert password during start-up (#436287) - fix for illegal characters in passwd (#439369) - Resolves: #448089, #238016, #436287, #439369 Affected Software/OS: 'dovecot' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4577 31587 http://www.securityfocus.com/bid/31587 32164 http://secunia.com/advisories/32164 32471 http://secunia.com/advisories/32471 33149 http://secunia.com/advisories/33149 33624 http://secunia.com/advisories/33624 36904 http://secunia.com/advisories/36904 ADV-2008-2745 http://www.vupen.com/english/advisories/2008/2745 FEDORA-2008-9202 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html FEDORA-2008-9232 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html GLSA-200812-16 http://security.gentoo.org/glsa/glsa-200812-16.xml MDVSA-2008:232 http://www.mandriva.com/security/advisories?name=MDVSA-2008:232 RHSA-2009:0205 http://www.redhat.com/support/errata/RHSA-2009-0205.html SUSE-SR:2009:004 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html USN-838-1 http://www.ubuntu.com/usn/USN-838-1 [Dovecot-news] 20081005 v1.1.4 released http://www.dovecot.org/list/dovecot-news/2008-October/000085.html http://bugs.gentoo.org/show_bug.cgi?id=240409 oval:org.mitre.oval:def:10376 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376 Common Vulnerability Exposure (CVE) ID: CVE-2008-4870 http://www.openwall.com/lists/oss-security/2008/10/29/10 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10776 XForce ISS Database: dovecot-dovecot-information-disclosure(46323) https://exchange.xforce.ibmcloud.com/vulnerabilities/46323
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.