
Test ID: 1.3.6.1.4.1.25623.1.0.123710
Category: Oracle Linux Local Security Checks
Title: Oracle: Security Advisory (ELSA-2013-0520)
Summary: The remote host is missing an update for the 'dovecot' package(s) announced via the ELSA-2013-0520 advisory.
Description:

Vulnerability Insight:
[1:2.0.9-5]
- script-login did not drop privileges correctly (#709095)
- fix directory traversal due to not obeying chroot directive (#709097)
- check proxy destination host against SSL certificate name (#754980)

[1:2.0.9-4]
- dovecot may not set correct permissions for mail folder (#697620)

[1:2.0.9-3]
- fix potential crash when parsing header names that contain NUL characters (#728673)

Affected Software/OS:
'dovecot' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-2166
BugTraq ID: 48003
http://www.securityfocus.com/bid/48003
http://dovecot.org/pipermail/dovecot/2011-May/059085.html
http://openwall.com/lists/oss-security/2011/05/18/4
RedHat Security Advisories: RHSA-2013:0520
http://rhn.redhat.com/errata/RHSA-2013-0520.html
http://secunia.com/advisories/52311
XForce ISS Database: dovecot-scriptlogin-sec-bypass(67675)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67675
Common Vulnerability Exposure (CVE) ID: CVE-2011-2167
XForce ISS Database: dovecot-scriptlogin-dir-traversal(67674)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67674
Common Vulnerability Exposure (CVE) ID: CVE-2011-4318
46886
http://secunia.com/advisories/46886
52311
RHSA-2013:0520
[dovecot-news] 20111117 v2.0.16 released
http://www.dovecot.org/list/dovecot-news/2011-November/000200.html
[oss-security] 20111118 Re: CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying
http://www.openwall.com/lists/oss-security/2011/11/18/5
http://www.openwall.com/lists/oss-security/2011/11/18/7
http://hg.dovecot.org/dovecot-2.0/rev/5e9eaf63a6b1
https://bugs.gentoo.org/show_bug.cgi?id=390887
https://bugzilla.redhat.com/show_bug.cgi?id=754980
Copyright: Copyright (C) 2015 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.