Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-666-1: Dovecot vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-666-1: Dovecot vulnerability
# 1  
Old 11-07-2008
USN-666-1: Dovecot vulnerability
Referenced CVEs:
CVE-2008-4907


Description:
===========================================================Ubuntu Security Notice USN-666-1 November 07, 2008dovecot vulnerabilityCVE-2008-4907===========================================================A security issue affects the following Ubuntu releases:Ubuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 8.10: dovecot-imapd 1:1.1.4-0ubuntu1.2In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that certain email headers were not correctly handledby Dovecot. If a remote attacker sent a specially crafted email to auser with a mailbox managed by Dovecot, that user's mailbox would becomeinaccessible through Dovecot, leading to a denial of service.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

doveadm-penalty

DOVEADM-PENALTY(1)						      Dovecot							DOVEADM-PENALTY(1)

NAME

       doveadm-penalty - Show current penalties

SYNOPSIS

       doveadm [-Dv] penalty [-a anvil_socket_path] [ip[/mask]]

DESCRIPTION

       The doveadm penalty command can be used to see the current penalties.  (Extend me!/explain it)

OPTIONS

       Global doveadm(1) options:

       -D     Enables verbosity and debug messages.

       -v     Enables verbosity, including progress counter.

       Command specific options:

       -a anvil_socket_path
	      This  option  is	used  to  specify  an alternative socket.  The option's argument is either an absolute path to a local UNIX domain
	      socket, or a hostname and port (hostname:port), in order to connect a remote host via a TCP socket.

	      By default doveadm(1) will use the socket /var/run/dovecot/anvil.  The socket may be located in another directory, when the  default
	      base_dir setting was overridden in /etc/dovecot/dovecot.conf.

ARGUMENTS

       ip[/mask]
	      To reduce/filter the output supply an IP address or a network range in CIDR notation (ip/mask).

EXAMPLE

       Show current penalties

       doveadm penalty
       IP		penalty last_penalty	    last_update
       192.0.2.222	      3 2010-06-15 15:19:27 15:19:27
       192.0.2.53	      3 2010-06-15 15:19:34 15:19:34

REPORTING BUGS

       Report  bugs,  including doveconf -n output, to the Dovecot Mailing List <dovecot@dovecot.org>.	Information about reporting bugs is avail-
       able at: http://dovecot.org/bugreport.html

SEE ALSO

       doveadm(1)

Dovecot v2.1							    2010-07-12							DOVEADM-PENALTY(1)