dovecot-1.0.7-2.1AXS3
Errata ID: AXSA:2008-76:01
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either maildir or mbox format.
CVE-2007-2231: Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
CVE-2007-4211: The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
CVE-2007-6598: Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to log in as a different user who has the same password.
CVE-2008-1199: Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
Update packages
N/A
Asianux Server 3 for x86
- dovecot-1.0.7-2.1AXS3.i386.rpm
MD5: 7fe059afbeb2148281de70a016e17b40
SHA-256: 403170727667c9f42408ee83c64d15dd68bfdf4e62bf46b2266a9d6867a95c81
Size: 1.66 MB
Asianux Server 3 for x86_64
- dovecot-1.0.7-2.1AXS3.x86_64.rpm
MD5: c1a6ed4834b63f996acb0fe2e862e783
SHA-256: f8940b2826f71669619e137765ab46a3220e6b35ba7fd4b776d6298f31ac1542
Size: 1.67 MB