Oval Definition:oval:org.mitre.oval:def:13521
Revision Date:2014-06-30Version:20
Title:USN-1059-1 -- dovecot vulnerabilities
Description:It was discovered that the ACL plugin in Dovecot would incorrectly propagate ACLs to new mailboxes. A remote authenticated user could possibly read new mailboxes that were created with the wrong ACL. It was discovered that the ACL plugin in Dovecot would incorrectly merge ACLs in certain circumstances. A remote authenticated user could possibly bypass intended access restrictions and gain access to mailboxes. It was discovered that the ACL plugin in Dovecot would incorrectly grant the admin permission to owners of certain mailboxes. A remote authenticated user could possibly bypass intended access restrictions and gain access to mailboxes. It was discovered that Dovecot incorrecly handled the simultaneous disconnect of a large number of sessions. A remote authenticated user could use this flaw to cause Dovecot to crash, resulting in a denial of service
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2010-3304
CVE-2010-3706
CVE-2010-3707
CVE-2010-3779
CVE-2010-3780
USN-1059-1
USN-1059-1
Platform(s):Ubuntu 10.04
Ubuntu 10.10
Product(s):dovecot
Definition Synopsis
  • Release section
  • Ubuntu 10.10 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • mail-stack-delivery DPKG is earlier than 1.2.12-1ubuntu8.1
  • OR dovecot-postfix DPKG is earlier than 1.2.12-1ubuntu8.1
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is powerpc
  • OR Installed architecture is armel
  • OR Installed architecture is amd64
  • OR Installed architecture is i386
  • AND Packages section
  • dovecot-pop3d DPKG is earlier than 1.2.12-1ubuntu8.1
  • OR dovecot-dbg DPKG is earlier than 1.2.12-1ubuntu8.1
  • OR dovecot-common DPKG is earlier than 1.2.12-1ubuntu8.1
  • OR dovecot-imapd DPKG is earlier than 1.2.12-1ubuntu8.1
  • OR dovecot-dev DPKG is earlier than 1.2.12-1ubuntu8.1
  • OR Release section
  • Ubuntu 10.04 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND dovecot-postfix DPKG is earlier than 1.2.9-1ubuntu6.3
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is i386
  • OR Installed architecture is powerpc
  • OR Installed architecture is sparc
  • OR Installed architecture is armel
  • AND Packages section
  • dovecot-pop3d DPKG is earlier than 1.2.9-1ubuntu6.3
  • OR dovecot-common DPKG is earlier than 1.2.9-1ubuntu6.3
  • OR dovecot-imapd DPKG is earlier than 1.2.9-1ubuntu6.3
  • OR dovecot-dev DPKG is earlier than 1.2.9-1ubuntu6.3
  • OR dovecot-dbg DPKG is earlier than 1.2.9-1ubuntu6.3
    • BACK