|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu USN-1059-1 (dovecot)|
|Summary:||Ubuntu USN-1059-1 (dovecot)|
|Description:||The remote host is missing an update to dovecot|
announced via advisory USN-1059-1.
It was discovered that the ACL plugin in Dovecot would incorrectly
propagate ACLs to new mailboxes. A remote authenticated user could possibly
read new mailboxes that were created with the wrong ACL. (CVE-2010-3304)
It was discovered that the ACL plugin in Dovecot would incorrectly merge
ACLs in certain circumstances. A remote authenticated user could possibly
bypass intended access restrictions and gain access to mailboxes.
It was discovered that the ACL plugin in Dovecot would incorrectly grant
the admin permission to owners of certain mailboxes. A remote authenticated
user could possibly bypass intended access restrictions and gain access to
It was discovered that Dovecot incorrectly handled the simultaneous
disconnect of a large number of sessions. A remote authenticated user could
use this flaw to cause Dovecot to crash, resulting in a denial of service.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
In general, a standard system update will make all the necessary changes.
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2010-3304|
SuSE Security Announcement: SUSE-SR:2010:017
BugTraq ID: 41964
Common Vulnerability Exposure (CVE) ID: CVE-2010-3706
SuSE Security Announcement: SUSE-SR:2010:020
Common Vulnerability Exposure (CVE) ID: CVE-2010-3707
Common Vulnerability Exposure (CVE) ID: CVE-2010-3779
Common Vulnerability Exposure (CVE) ID: CVE-2010-3780
|Copyright||Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com|