USN-567-1: Dovecot vulnerability


 
01-10-2008

Referenced CVEs:
CVE-2007-6598


Description:
===========================================================
Ubuntu Security Notice USN-567-1           January 10, 2008
dovecot vulnerability
CVE-2007-6598
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  dovecot-imapd                   1.0.rc17-1ubuntu2.2
  dovecot-pop3d                   1.0.rc17-1ubuntu2.2

Ubuntu 7.10:
  dovecot-imapd                   1:1.0.5-1ubuntu2.1
  dovecot-pop3d                   1:1.0.5-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that in very rare configurations using LDAP, Dovecot
may reuse cached connections for users with the same password. As a
result, a user may be able to login as another if the connection is
reused. The default Ubuntu configuration of Dovecot was not vulnerable.





DOVEADM-PENALTY(1)                  Dovecot                  DOVEADM-PENALTY(1)

NAME
       doveadm-penalty - Show current penalties

SYNOPSIS
       doveadm [-Dv] penalty [-a anvil_socket_path] [ip[/mask]]

DESCRIPTION
       The doveadm penalty command can be used to see the current penalties.
       (Extend me!/explain it)

OPTIONS
       Global doveadm(1) options:

       -D     Enables verbosity and debug messages.

       -v     Enables verbosity, including progress counter.

       Command specific options:

       -a anvil_socket_path
              This option is used to specify an alternative socket. The
              option's argument is either an absolute path to a local UNIX
              domain socket, or a hostname and port (hostname:port), in order
              to connect a remote host via a TCP socket.

              By default doveadm(1) will use the socket /var/run/dovecot/anvil.
              The socket may be located in another directory, when the default
              base_dir setting was overridden in /etc/dovecot/dovecot.conf.

ARGUMENTS
       ip[/mask]
              To reduce/filter the output supply an IP address or a network
              range in CIDR notation (ip/mask).

EXAMPLE
       Show current penalties

       doveadm penalty
       IP               penalty last_penalty        last_update
       192.0.2.222            3 2010-06-15 15:19:27 15:19:27
       192.0.2.53             3 2010-06-15 15:19:34 15:19:34

REPORTING BUGS
       Report bugs, including doveconf -n output, to the Dovecot Mailing List
       <dovecot@dovecot.org>. Information about reporting bugs is available
       at: http://dovecot.org/bugreport.html

SEE ALSO
       doveadm(1)

Dovecot v2.1                      2010-07-12                 DOVEADM-PENALTY(1)