similar to: CVE-2017-2669: Dovecot DoS when passdb dict was used for authentication

Displaying 20 results from an estimated 3000 matches similar to: "CVE-2017-2669: Dovecot DoS when passdb dict was used for authentication"

2016 Dec 03
0
RES: v2.2.27 released
Hello Timo, I tried to compile and got one error on CentOS 6.8: checking that generated files are newer than configure... done configure: error: conditional "SSL_VERSION_GE_102" was never defined. Usually this means the macro was only invoked conditionally. # configure ./configure with-ldap=yes --with-zlib --with-bzlib --with-solr # uname -a Linux host 2.6.32-573.26.1.el6.x86_64 #1
2016 Dec 04
2
v2.2.27 released --- libressl
>openssl version Libressl 2.4.4 Patch for dovecot: perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER < 0x10100000L\s*)$/$1 || defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-dcrypt/dcrypt-openssl.c; perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER < 0x10100000L\s*)$/$1 || defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-ssl-iostream/dovecot-openssl-common.c; perl -i -ple 's/^(#if
2022 Jul 06
1
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
Affected product: Dovecot IMAP Server Internal reference: DOV-5320 Vulnerability type: Improper Access Control (CWE-284) Vulnerable version: 2.2 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed in main Researcher credits: Julian Brook (julezman) Vendor notification: 2022-05-06 CVE reference: CVE-2022-30550 CVSS: 6.8
2017 May 26
0
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote: > Hi Team, > > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. They are not unpublished: https://www.samba.org/samba/security/CVE-2017-2619.html https://www.samba.org/samba/security/CVE-2017-7494.html For this second bug, I did some work on CVSS scores: I've had a go at a CVSSv3 score for the
2017 May 26
2
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
Thanks for the analysis of second bug. Please also share CVSSv3 score for first bug. Arjit Kumar On Fri, May 26, 2017 at 12:29 PM, Andrew Bartlett <abartlet at samba.org> wrote: > On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote: > > Hi Team, > > > > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. > > They are not unpublished:
2024 Jan 23
1
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
Hi, I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise Linux release 8.7 (Ootpa). The details are as follows. # rpm -qa | grep openssh openssh-8.0p1-16.el8.x86_64 openssh-askpass-8.0p1-16.el8.x86_64 openssh-server-8.0p1-16.el8.x86_64 openssh-clients-8.0p1-16.el8.x86_64 # cat /etc/redhat-release Red Hat Enterprise Linux release 8.7 (Ootpa) # SSH Terrapin Prefix Truncation
2024 Jan 23
1
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
You might find Red Hat's CVE page on this useful: https://access.redhat.com/security/cve/cve-2023-48795 On Tue, Jan 23, 2024 at 10:04 AM Kaushal Shriyan <kaushalshriyan at gmail.com> wrote: > Hi, > > I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise > Linux release 8.7 (Ootpa). The details are as follows. > > # rpm -qa | grep openssh >
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:
2021 Jan 04
2
CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOP-2009 (Bug ID) Vulnerability type: CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences Vulnerable version: 2.2.26-2.3.11.3 Vulnerable component: imap Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.13 Vendor notification: 2020-08-17
2019 Dec 13
1
CVE-2019-19722: Critical vulnerability in Dovecot
Open-Xchange Security Advisory 2019-12-13 Product: Dovecot IMAP/POP3 Server Vendor: OX Software GmbH Internal reference: DOV-3719 Vulnerability type: NULL Pointer Dereference (CWE-476) Vulnerable version: 2.3.9 Vulnerable component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael
2016 Nov 29
0
v2.2.27 release candidate released
http://dovecot.org/releases/2.2/rc/dovecot-2.2.27.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.27.rc1.tar.gz.sig Most interestingly there's a new mail_crypt plugin. It would be nice if crypto gurus could check through it for any issues. Director's tagging fix was also quite a large change, but the new code is already used in production and appears to be working fine. *
2020 Feb 12
0
CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes
Open-Xchange Security Advisory 2020-02-12 Affected product: Dovecot Core Internal reference: DOV-3744 (JIRA ID) Vulnerability type: Improper Input Validation (CWE-30) Vulnerable version: 2.3.9 Vulnerable component: submission-login, lmtp Fixed version: 2.3.9.3 Report confidence: Confirmed Solution status: Fixed Researcher credits: Open-Xchange oy Vendor notification: 2020-01-14 CVE reference:
2016 Dec 02
6
CVE-2016-8562 in dovecot
We are sorry to report that we have a bug in dovecot, which merits a CVE. See details below. If you haven't configured any auth_policy_* settings you are ok. This is fixed with https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae and https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c67a8612fc Important vulnerability in Dovecot
2020 Feb 12
0
CVE-2020-7957: Specially crafted mail can crash snippet generation
Open-Xchange Security Advisory 2020-02-12 Affected product: Dovecot Core Internal reference: DOV-3743 (JIRA ID) Vulnerability type: Improper Input Validation (CWE-30) Vulnerable version: 2.3.9 Vulnerable component: lmtp, imap Fixed version: 2.3.9.3 Report confidence: Confirmed Solution status: Fixed Researcher credits: Open-Xchange oy Vendor notification: 2020-01-14 CVE reference: CVE-2020-7957