search for: 3814

....3.4 Vulnerable component: authentication Report confidence: Confirmed Solution status: Fixed by Vendor Fixed versions: 2.2.36.1, 2.3.4.1 Vendor notification: 2019-01-16 Solution date: 2019-01-20 Public disclosure: 2019-02-05 Researcher Credits: https://hackerone.com/halfdog CVE reference: CVE-2019-3814 CVSS: 8.2 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N) Vulnerability Details: Normally Dovecot is configured to authenticate imap/pop3/managesieve/submission clients using regular username/password combination. Some installations have also required clients to present a trusted SSL certificate on top of t...

Hello, I just upgraded my 64-bits dom0 from Etch to Lenny, I am still running the 2.6.18 Xen kernel by apt-pinning it (see later). But now xend does not start anymore: ------------ xen:~# /etc/init.d/xend start Starting XEN control daemon: xendTraceback (most recent call last): File "/usr/lib/xen-3.0.3-1/bin/xend", line 40, in <module> from xen.xend.server import SrvDaemon

https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some configurations Dovecot ??? ? mistakenly trusts the username provided via authentication instead ??? ? of failing. ??? * ssl_cert_username_field setting w...

https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some configurations Dovecot ??? ? mistakenly trusts the username provided via authentication instead ??? ? of failing. ??? * ssl_cert_username_field setting w...

...cot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig" rel="noopener" target="_blank">https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig</a> </div> </blockquote> <blockquote type="cite"> <div> * CVE-2019-3814: If imap/pop3/managesieve/submission client has </div> <div> trusted certificate with missing username field </div> <div> (ssl_cert_username_field), under some configurations Dovecot </div> <div> mistakenly...

...so i cant "play" with it unless i warn first. hope i can get this problem solved. --- and this one which aint too bad: for no reason i get sometimes those lines: May 10 09:37:06 smb smbd[823]: [2004/05/10 09:37:06, 0] smbd/service.c:make_connection(857) May 10 09:37:06 smb smbd[823]: 3814 (192.168.2.44) couldn't find service May 10 09:37:06 smb smbd[823]: [2004/05/10 09:37:06, 0] printing/pcap.c:pcap_printername_ok(253) May 10 09:37:06 smb smbd[823]: Attempt to locate null printername! Internal error? May 10 09:37:06 smb smbd[823]: [2004/05/10 09:37:06, 0] smbd/service.c:make_...

...the 2.2.x version and now only build 2.3.x. > Should I be maintaining both? > > Eric > > On 2/5/2019 6:01 AM, Aki Tuomi wrote: > > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig > > * CVE-2019-3814: If imap/pop3/managesieve/submission client has > trusted certificate with missing username field > (ssl_cert_username_field), under some configurations Dovecot > mistakenly trusts the username provided via authentication instead > of failing. > * ssl_cert...

...3688 3689 3690 3691 3693 3694 3695 3696 3697 3698 3709 3710 3711 3713 3719 3722 3726 3728 3729 3730 3732 3733 3734 3735 3736 3737 3740 3741 3742 3743 3744 3746 3756 3758 3759 3760 3761 3762 3766 3767 3768 3769 3770 3771 3772 3777 3783 3784 3787 3788 3789 3790 3791 3792 3795 3798 3801 3802 3803 3805 3814 3817 3818 3819 3821 3822 3824 3826 3836 3837 3838 3840 3841 3842 3848 3850 3854 3855 3856 3857 3858 3864 3868 3870 3871 3878 3884 3888 3898 3900 3901 3902 3903 3904 3905 3912 3914 3915 3916 3917 3918 3921 3924 3927 3928 3930 3931 3932 3935 3946 3947 3948 3949 3951 3952 3954 3957 3958 3961 3963 3964...

...ion, so here it is repeated for both releases: 2.3.4.1 https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig <https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig> Binary packages in https://repo.dovecot.org/ * CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. * ssl_cert_username_field setting w...

...ion, so here it is repeated for both releases: 2.3.4.1 https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig <https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig> Binary packages in https://repo.dovecot.org/ * CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. * ssl_cert_username_field setting w...

https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some configurations Dovecot ??? ? mistakenly trusts the username provided via authentication instead ??? ? of failing. ??? * ssl_cert_username_field setting w...

https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig <https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig> Binary packages in https://repo.dovecot.org/ ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some configurations Dovecot ??? ? mistakenly trusts the username provided via authentication instead ??? ? of failing. ??? * ssl_cert_username_field setting w...

...FILTER command. - imap_filter_sieve plugin: Fix FILTER to work with pipelining Regards, Stephan. Op 5-2-2019 om 14:01 schreef Aki Tuomi: > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig > > ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has > ??? ? trusted certificate with missing username field > ??? ? (ssl_cert_username_field), under some configurations Dovecot > ??? ? mistakenly trusts the username provided via authentication instead > ??? ? of failing. > ??? * ssl...

https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig <https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig> Binary packages in https://repo.dovecot.org/ ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has ??? ? trusted certificate with missing username field ??? ? (ssl_cert_username_field), under some configurations Dovecot ??? ? mistakenly trusts the username provided via authentication instead ??? ? of failing. ??? * ssl_cert_username_field setting w...

...ped building RPM's of the 2.2.x version and now only build 2.3.x. Should I be maintaining both? Eric On 2/5/2019 6:01 AM, Aki Tuomi wrote: > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig > > ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has > ??? ? trusted certificate with missing username field > ??? ? (ssl_cert_username_field), under some configurations Dovecot > ??? ? mistakenly trusts the username provided via authentication instead > ??? ? of failing. > ??? * ssl...

...ld 2.3.x. >> Should I be maintaining both? >> >> Eric >> >> On 2/5/2019 6:01 AM, Aki Tuomi wrote: >>> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz >>> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig >>> ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has >>> ??? ? trusted certificate with missing username field >>> ??? ? (ssl_cert_username_field), under some configurations Dovecot >>> ??? ? mistakenly trusts the username provided via authentication >>> instead >...

...FILTER command. - imap_filter_sieve plugin: Fix FILTER to work with pipelining Regards, Stephan. Op 5-2-2019 om 14:01 schreef Aki Tuomi: > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz > https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig > > ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has > ??? ? trusted certificate with missing username field > ??? ? (ssl_cert_username_field), under some configurations Dovecot > ??? ? mistakenly trusts the username provided via authentication instead > ??? ? of failing. > ??? * ssl...

The latest release of Autotest, bundled in ZenTest 3.5, now has support for running specs! No longer do we need to use the rspec_autotest plugin, now it-just-works. The only problem is that the script is assuming you have the rspec gem installed. If you''re keeping up with Edge RSpec on your Rails project you''ve probably just included rspec and rspec_on_rails into your

...FILTER to work with pipelining > > > Regards, > > Stephan. > > Op 5-2-2019 om 14:01 schreef Aki Tuomi: >> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz >> https://dovecot.org/releases/2.2/dovecot-2.2.36.1.tar.gz.sig >> >> ??? * CVE-2019-3814: If imap/pop3/managesieve/submission client has >> ??? ? trusted certificate with missing username field >> ??? ? (ssl_cert_username_field), under some configurations Dovecot >> ??? ? mistakenly trusts the username provided via authentication >> instead >> ??? ? o...

...ll: /bin/bash objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount objectClass: organizationalPerson objectClass: top objectClass: person cn: Test User sn: User gecos: Test User description: Test User displayName: Test User mail: test.user@ipov.net sambaSID: S- sid_here-3814 sambaHomeDrive: H: sambaHomePath: \\ server_name\homes sambaProfilePath: \\server_name\profiles\test.user sambaLogonScript: STARTUP.BAT sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdMustChange: 2147483647 sambaPwdCanChange: 1142535948 sambaPasswordHistory: 00000...