Displaying 7 results from an estimated 7 matches for "azp".
2021 Jun 21
0
CVE-2021-29157: oauth2 JWT local validation path traversal
....1
Vendor notification: 2021-03-22
Solution date: 2021-04-14
Public disclosure: 2021-06-21
CVE reference: CVE-2021-29157
CVSS: 6.7 (CVSS3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Researcher credit: Kirin of Tencent Security Xuanwu Lab
Vulnerability Details:
Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker-controlled keys to validate tokens in some configurations. This requires the attacker to be able to write files to local disk.
Risk:
A local attacker can log in as any user and access their emails.
Workaround:
Disable local JWT validation in oa...
2021 Jun 21
2
Dovecot v2.3.14.1 released
...t.org/releases/2.3/dovecot-2.3.14.1.tar.gz.sig>
Binary packages in https://repo.dovecot.org/
Docker images in https://hub.docker.com/r/dovecot/dovecot
* CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
JWT tokens. This may be used to supply attacker-controlled keys to
validate tokens, if the attacker has local access.
* CVE-2021-33515: On-path attacker could have injected plaintext commands
before STARTTLS negotiation that would be executed after STARTTLS
finished with the clie...
2006 Apr 04
2
rsync not removing files that are out of date
I'm running on a Red Hat Enterprise 3 machine with ~700Gb of storage backing up to
a similar machine using rsync backups running 6 times a day on various
directories in /home/. The initial rsync copied roughly 150gb. Everything
appears to be backing up correctly so no loss of data which is good :)
The problem is that the backup server is not removing data that has been removed
from the primary
2008 Mar 23
3
Issue with rsync 3.0.0 and iconv
...I reach a point on the filesystem with this error:
2008/03/23 19:27:37 [3760] received request to transfer non-regular file:
86300 [sender]
2008/03/23 19:27:37 [3760] rsync error: protocol incompatibility (code 2) at
rsync.c(298) [sender=3.0.0]
This is the command line from the linux box:
rsync -azP --ignore-errors --password-file=/etc/backup/pcmama.pwd
--delete-after --timeout=300 --iconv=. --delete-excluded
--exclude-from=/etc/backup/exclude.pcmama bkp@10.133.77.6::docs
/bkps/bkppcmama/docs/
I've found this post but I've been unable to find any bug related (perhaps I
haven't se...
2020 Sep 16
2
Cannot load key: Invalid dovecot key version
I am trying to use the newly added Local Validation functionality in dovecot version 2.3.11. I am running dovecot inside a Docker container with base image "debian:buster-slim". When I try to log in through the command below, a crash is seen. The algorithm used is RS256 and the certificate is self-signed.
'''
a1 login admin