Test ID:	1.3.6.1.4.1.25623.1.0.122586
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2008-0297)
Summary:	The remote host is missing an update for the 'dovecot' package(s) announced via the ELSA-2008-0297 advisory.
Description:	Summary: The remote host is missing an update for the 'dovecot' package(s) announced via the ELSA-2008-0297 advisory. Vulnerability Insight: [1.0.7-2] - LDAP+auth cache user login mixup (CVE-2007-6598, #427575) - insecure mail_extra_groups option (CVE-2008-1199, #436927) [1.0.7-1] - update to latest upstream, fixes a few bugs (#331441, #245249), plus two security vulnerabilities (CVE-2007-2231, CVE-2007-4211) - increased default login_process_size to 64 (#253363) Affected Software/OS: 'dovecot' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2231 BugTraq ID: 23552 http://www.securityfocus.com/bid/23552 Bugtraq: 20070418 rPSA-2007-0074-1 dovecot (Google Search) http://www.securityfocus.com/archive/1/466168/100/0/threaded Debian Security Information: DSA-1359 (Google Search) http://www.debian.org/security/2007/dsa-1359 http://dovecot.org/list/dovecot-cvs/2007-March/008488.html http://dovecot.org/list/dovecot-news/2007-March/000038.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10995 http://www.redhat.com/support/errata/RHSA-2008-0297.html http://secunia.com/advisories/25072 http://secunia.com/advisories/30342 SuSE Security Announcement: SUSE-SR:2007:008 (Google Search) http://www.novell.com/linux/security/advisories/2007_8_sr.html http://www.ubuntu.com/usn/usn-487-1 http://www.vupen.com/english/advisories/2007/1452 XForce ISS Database: dovecot-mboxstorage-directory-traversal(34082) https://exchange.xforce.ibmcloud.com/vulnerabilities/34082 Common Vulnerability Exposure (CVE) ID: CVE-2007-4211 BugTraq ID: 25182 http://www.securityfocus.com/bid/25182 http://www.dovecot.org/list/dovecot-news/2007-August/000048.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11558 http://secunia.com/advisories/26320 http://secunia.com/advisories/26475 XForce ISS Database: dovecot-aclplugin-security-bypass(35767) https://exchange.xforce.ibmcloud.com/vulnerabilities/35767 Common Vulnerability Exposure (CVE) ID: CVE-2007-6598 BugTraq ID: 27093 http://www.securityfocus.com/bid/27093 Bugtraq: 20080103 Re: rPSA-2008-0001-1 dovecot (Google Search) http://www.securityfocus.com/archive/1/485787/100/0/threaded Bugtraq: 20080103 rPSA-2008-0001-1 dovecot (Google Search) http://www.securityfocus.com/archive/1/485779/100/0/threaded Debian Security Information: DSA-1457 (Google Search) http://www.debian.org/security/2008/dsa-1457 http://dovecot.org/list/dovecot-news/2007-December/000057.html http://dovecot.org/list/dovecot-news/2007-December/000058.html http://osvdb.org/39876 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10458 http://secunia.com/advisories/28227 http://secunia.com/advisories/28271 http://secunia.com/advisories/28404 http://secunia.com/advisories/28434 http://secunia.com/advisories/32151 SuSE Security Announcement: SUSE-SR:2008:020 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html http://www.ubuntu.com/usn/usn-567-1 http://www.vupen.com/english/advisories/2008/0017 Common Vulnerability Exposure (CVE) ID: CVE-2008-1199 BugTraq ID: 28092 http://www.securityfocus.com/bid/28092 Bugtraq: 20080304 Dovecot mail_extra_groups setting is often used insecurely (Google Search) http://www.securityfocus.com/archive/1/489133/100/0/threaded Debian Security Information: DSA-1516 (Google Search) http://www.debian.org/security/2008/dsa-1516 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html http://security.gentoo.org/glsa/glsa-200803-25.xml http://www.dovecot.org/list/dovecot-news/2008-March/000061.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10739 http://secunia.com/advisories/29226 http://secunia.com/advisories/29385 http://secunia.com/advisories/29396 http://secunia.com/advisories/29557 https://usn.ubuntu.com/593-1/ XForce ISS Database: dovecot-mailextragroups-unauth-access(41009) https://exchange.xforce.ibmcloud.com/vulnerabilities/41009
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.