Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-567-1: Dovecot vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-567-1: Dovecot vulnerability
# 1  
Old 01-10-2008
USN-567-1: Dovecot vulnerability
Referenced CVEs:
CVE-2007-6598


Description:
=========================================================== Ubuntu Security Notice USN-567-1 January 10, 2008 dovecot vulnerability CVE-2007-6598 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: dovecot-imapd 1.0.rc17-1ubuntu2.2 dovecot-pop3d 1.0.rc17-1ubuntu2.2 Ubuntu 7.10: dovecot-imapd 1:1.0.5-1ubuntu2.1 dovecot-pop3d 1:1.0.5-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password. As a result, a user may be able to login as another if the connection is reused. The default Ubuntu configuration of Dovecot was not vulnerable.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

doveadm-log

DOVEADM-LOG(1)							      Dovecot							    DOVEADM-LOG(1)

NAME

       doveadm-log - Locate, test or reopen Dovecot's log files

SYNOPSIS

       doveadm [-Dv] log errors
       doveadm [-Dv] log find [directory]
       doveadm [-Dv] log reopen
       doveadm [-Dv] log test

DESCRIPTION

       The  doveadm  log commands are used to locate and reopen the log files of dovecot(1).  It's also possible to test the configured targets of
       the *log_path settings.

OPTIONS

       Global doveadm(1) options:

       -D     Enables verbosity and debug messages.

       -v     Enables verbosity, including progress counter.

COMMANDS

   log errors
       doveadm log errors

       The log errors command is used to show the last	- up to 1,000 - errors and warnings.  If no output is generated, no errors  have  occurred
       since the last start.

   log find
       doveadm log find [directory]

       The  log  find  command	is used to show the location of the log files, to which dovecot(1) sends its log messages.  If dovecot(1) logs its
       messages through syslogd(8) and doveadm(1) could not find any log files, you can specify the directory where your syslogd  writes  its  log
       files.

   log reopen
       doveadm log reopen

       This command causes doveadm to reopen all log files, configured in the log_path, info_log_path and debug_log_path settings.  These settings
       are configured in /etc/dovecot/conf.d/10-logging.conf.
       This is for example useful after manually rotating the log files.

   log test
       doveadm log test

       This command causes doveadm to write the message "This is Dovecot's priority log (timestamp)" to the configured log files.  The used prior-
       ities are: debug, info, warning, error and fatal.

EXAMPLE

       This example shows how to locate the log files used by dovecot(1).

       doveadm log find
       Looking for log files from /var/log
       Debug: /var/log/dovecot.debug
       Info: /var/log/mail.log
       Warning: /var/log/mail.log
       Error: /var/log/mail.log
       Fatal: /var/log/mail.log

REPORTING BUGS

       Report  bugs,  including doveconf -n output, to the Dovecot Mailing List <dovecot@dovecot.org>.	Information about reporting bugs is avail-
       able at: http://dovecot.org/bugreport.html

SEE ALSO

       doveadm(1)

Dovecot v2.1							    2012-02-22							    DOVEADM-LOG(1)