S-114: Dovecot Vulnerability


 
01-11-2008

Dovecot, a POP3 and IMAP server, has a vulnerability that is exposed only when it is used with LDAP authentication and the base contains variables. It could allow a user to log in to the account of another user with the same password. The risk is LOW.
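To check whether a server meets the precondition named in the advisory, the following added example (not part of the advisory and not Dovecot code) scans the text of a Dovecot LDAP configuration file for an active `base` setting that contains a %variable. It assumes plain `key = value` lines with `#` comment lines, and treats `%%` as a literal percent sign; the sample configurations are constructed.

```python
import re

# "key = value" lines; lines starting with "#" are comments (assumed layout).
SETTING_RE = re.compile(r"^\s*([A-Za-z_]+)\s*=\s*(.*?)\s*$")


def base_uses_variables(value):
    """True if the value holds a %variable; "%%" is a literal percent sign."""
    return "%" in value.replace("%%", "")


def audit_ldap_conf(text):
    """Return (line_number, value) for each active `base` setting with variables."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not in effect
        m = SETTING_RE.match(line)
        if m and m.group(1) == "base" and base_uses_variables(m.group(2)):
            findings.append((lineno, m.group(2)))
    return findings


# Constructed samples, not taken from any real deployment.
VARIABLE_BASE = """\
hosts = ldap.example.org
#base = ou=old,dc=%d
base = ou=people,dc=%d,dc=example
"""
STATIC_BASE = """\
hosts = ldap.example.org
base = ou=100%%staff,dc=example,dc=org
"""

if __name__ == "__main__":
    for name, conf in (("variable", VARIABLE_BASE), ("static", STATIC_BASE)):
        print(name, audit_ldap_conf(conf))
```

A non-empty result means the configuration matches the "base contains variables" condition and should be reviewed against the vendor's fixed release.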


PIGEONHOLE(7)                       Pigeonhole                       PIGEONHOLE(7)

NAME
       pigeonhole - Overview of the Pigeonhole project's Sieve support for the Dovecot secure IMAP and POP3 server

DESCRIPTION
       The Pigeonhole project <http://pigeonhole.dovecot.org> adds support for the Sieve language (RFC 5228) and the ManageSieve protocol (RFC 5804) to the Dovecot Secure IMAP and POP3 Server (dovecot(1)). In the literal sense, a pigeonhole is a hole or recess inside a dovecot for pigeons to nest in. It is, however, also the name for one of a series of small, open compartments in a cabinet used for filing or sorting mail. As a verb, it describes the act of putting an item into one of those pigeonholes. The name "Pigeonhole" therefore well describes an important part of the functionality that this project adds to Dovecot: sorting and filing e-mail messages.

       The Sieve language is used to specify how e-mail needs to be processed. By writing Sieve scripts, users can customize how messages are delivered, e.g. whether they are forwarded or stored in special folders. Unwanted messages can be discarded or rejected, and, when the user is not available, the Sieve interpreter can send an automated reply. Above all, the Sieve language is meant to be simple, extensible and system independent. And, unlike most other mail filtering script languages, it does not allow users to execute arbitrary programs. This is particularly useful to prevent virtual users from having full access to the mail store. The intention of the language is to make it impossible for users to do anything more complex (and dangerous) than write simple mail filters.

       Using the ManageSieve protocol, users can upload their Sieve scripts remotely, without needing direct filesystem access through FTP or SCP. Additionally, a ManageSieve server always makes sure that uploaded scripts are valid, preventing compile failures at mail delivery.

       The Pigeonhole project provides the following items:

       o   The LDA Sieve plugin for Dovecot's Local Delivery Agent (LDA) (dovecot-lda(1)) that facilitates the actual Sieve filtering upon delivery.

       o   The ManageSieve Service that implements the ManageSieve protocol through which users can remotely manage Sieve scripts on the server.

       o   Command line tools that provide the means to manually compile, analyse and test Sieve scripts.

       The functionality and configuration of the LDA Sieve plugin and the ManageSieve service is described in detail in the README and INSTALL files contained in the Pigeonhole package and in the Dovecot Wiki <http://wiki2.dovecot.org/Pigeonhole>.

       The following command line tools are available:

       sievec(1)
              Compiles Sieve scripts into a binary representation for later execution.

       sieve-test(1)
              The universal Sieve test tool for testing the effect of a Sieve script on a particular message.

       sieve-filter(1)
              Filters all messages in a particular source mailbox through a Sieve script.

       sieve-dump(1)
              Dumps the content of a Sieve binary file for (development) debugging purposes.

REPORTING BUGS
       Report bugs, including doveconf -n output, to the Dovecot Mailing List <dovecot@dovecot.org>. Information about reporting Dovecot and Pigeonhole bugs is available at: http://dovecot.org/bugreport.html

AUTHOR
       Pigeonhole <http://pigeonhole.dovecot.org> and its manual pages were written by the Pigeonhole authors <http://pigeonhole.dovecot.org/doc/AUTHORS>, mainly Stephan Bosch <stephan at rename-it.nl>, and are licensed under the terms of the LGPLv2.1 license, which is the same license as Dovecot, see <http://dovecot.org/doc/COPYING> for details.

SEE ALSO
       dovecot(1), dovecot-lda(1), sieve-dump(1), sieve-test(1), sieve-filter(1), sievec(1)

       Additional resources:

       Dovecot website
              http://www.dovecot.org

       Dovecot v2.x Wiki
              http://wiki2.dovecot.org/Pigeonhole

       Pigeonhole website
              http://pigeonhole.dovecot.org

Pigeonhole for Dovecot v2.2         2013-05-09                       PIGEONHOLE(7)