Test ID:	1.3.6.1.4.1.25623.1.0.60566
Category:	Fedora Local Security Checks
Title:	Fedora Core 7 FEDORA-2008-2475 (dovecot)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to dovecot announced via advisory FEDORA-2008-2475. Update Information: This update upgrades dovecot from version 1.0.10 to 1.0.13. Besides bug fixes, two security issues were fixed upstream in version 1.0.11 and 1.0.13. ChangeLog: * Sun Mar 9 2008 Tomas Janousek - 1.0.13-18 - update to latest upstream stable (1.0.13) References: [ 1 ] Bug #436927 - CVE-2008-1199 dovecot: insecure mail_extra_groups option https://bugzilla.redhat.com/show_bug.cgi?id=436927 [ 2 ] Bug #436928 - CVE-2008-1218 dovecot: unauthorized login https://bugzilla.redhat.com/show_bug.cgi?id=436928 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update dovecot' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-2475 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1199 BugTraq ID: 28092 http://www.securityfocus.com/bid/28092 Bugtraq: 20080304 Dovecot mail_extra_groups setting is often used insecurely (Google Search) http://www.securityfocus.com/archive/1/489133/100/0/threaded Debian Security Information: DSA-1516 (Google Search) http://www.debian.org/security/2008/dsa-1516 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html http://security.gentoo.org/glsa/glsa-200803-25.xml http://www.dovecot.org/list/dovecot-news/2008-March/000061.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10739 http://www.redhat.com/support/errata/RHSA-2008-0297.html http://secunia.com/advisories/29226 http://secunia.com/advisories/29385 http://secunia.com/advisories/29396 http://secunia.com/advisories/29557 http://secunia.com/advisories/30342 http://secunia.com/advisories/32151 SuSE Security Announcement: SUSE-SR:2008:020 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html https://usn.ubuntu.com/593-1/ XForce ISS Database: dovecot-mailextragroups-unauth-access(41009) https://exchange.xforce.ibmcloud.com/vulnerabilities/41009 Common Vulnerability Exposure (CVE) ID: CVE-2008-1218 BugTraq ID: 28181 http://www.securityfocus.com/bid/28181 Bugtraq: 20080312 rPSA-2008-0108-1 dovecot (Google Search) http://www.securityfocus.com/archive/1/489481/100/0/threaded https://www.exploit-db.com/exploits/5257 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108 http://www.dovecot.org/list/dovecot-news/2008-March/000064.html http://www.dovecot.org/list/dovecot-news/2008-March/000065.html http://secunia.com/advisories/29295 http://secunia.com/advisories/29364 XForce ISS Database: dovecot-tab-authentication-bypass(41085) https://exchange.xforce.ibmcloud.com/vulnerabilities/41085
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.