Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: September 2nd, 2014
Linux Advisory Watch: August 29th, 2014
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: 1059-1: Dovecot vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that the ACL plugin in Dovecot would incorrectlypropagate ACLs to new mailboxes. A remote authenticated user could possiblyread new mailboxes that were created with the wrong ACL. (CVE-2010-3304) [More...]
Ubuntu Security Notice USN-1059-1         February 07, 2011
dovecot vulnerabilities
CVE-2010-3304, CVE-2010-3706, CVE-2010-3707, CVE-2010-3779,

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  dovecot-common                  1:1.2.9-1ubuntu6.3

Ubuntu 10.10:
  dovecot-common                  1:1.2.12-1ubuntu8.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that the ACL plugin in Dovecot would incorrectly
propagate ACLs to new mailboxes. A remote authenticated user could possibly
read new mailboxes that were created with the wrong ACL. (CVE-2010-3304)

It was discovered that the ACL plugin in Dovecot would incorrectly merge
ACLs in certain circumstances. A remote authenticated user could possibly
bypass intended access restrictions and gain access to mailboxes.
(CVE-2010-3706, CVE-2010-3707)

It was discovered that the ACL plugin in Dovecot would incorrectly grant
the admin permission to owners of certain mailboxes. A remote authenticated
user could possibly bypass intended access restrictions and gain access to
mailboxes. (CVE-2010-3779)

It was discovered that Dovecot incorrecly handled the simultaneous
disconnect of a large number of sessions. A remote authenticated user could
use this flaw to cause Dovecot to crash, resulting in a denial of service.

Updated packages for Ubuntu 10.04 LTS:

  Source archives:
      Size/MD5:  1418658 e63585f0ff54bca7e0bf13cfc231b71f
      Size/MD5:     2318 fec51e228070f787fb056143796db75c
      Size/MD5:  2889394 036ff97fb248dae3bd4b796a0644634f

  Architecture independent packages:
      Size/MD5:   517504 dbca36979cd97e82d8aa5a97e677ae09

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  5512258 e5d7ae5b2c55b255804a0f3996edb3fe
      Size/MD5: 14963328 1ccfc078b3230a780306bde804bfaba3
      Size/MD5:   659902 1581f01ffeb79f2660cd36ff5bd71ffc
      Size/MD5:  1200744 aa69e75cf135728602d79ba246573527
      Size/MD5:  1093072 6eee0eeb2518e04cb1a2144f7f17d3d4

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  5216218 25ec6a29054490f2c375afff3c32da4c
      Size/MD5: 14832598 ff39bdbfadc6db0fe3f065e41ee814fd
      Size/MD5:   659420 b17a74bc656c284905f56c0a57ce4967
      Size/MD5:  1165324 90896ac034e6f8330941ccdcbbb89706
      Size/MD5:  1064182 208bf8c365d586b448a4dd9b1f35348c

  armel architecture (ARM Architecture):
      Size/MD5:  4884006 b25ca8e16b8b3cc6b35668ccc61acee4
      Size/MD5: 15029038 cfeb4beeab0436c51610548891daeb3b
      Size/MD5:   659290 a76eba105ff7737ea253ea4e47630df9
      Size/MD5:  1117728 0a9ac5eed3e7ee4cedbbce7fb4d00f4e
      Size/MD5:  1022380 4b2ef79d7af993f14f1fe4f98763ef8a

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  5569840 8684510a8a22672e6d392b00bc8509b2
      Size/MD5: 15366966 e99997cb326c9803f63ab53211c3fe1f
      Size/MD5:   656482 59256f0c930f644d6b0adc995daa8a9a
      Size/MD5:  1219628 66118e59a5ed500f754b00c2b4a645f0
      Size/MD5:  1107240 76e505910a9d9120b27228b6f46483ea

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  5315260 91239166c042cb1776f53aec4942bd9c
      Size/MD5: 14201530 400e1594cc8dc50607a6e30bc2409910
      Size/MD5:   656468 d61d6e6bde0d48346018a432badee15e
      Size/MD5:  1189960 8c93283a7425f5ffb2cba844edf6db56
      Size/MD5:  1081132 ca8c6c4944e22f23fcdde4b55374e41d

Updated packages for Ubuntu 10.10:

  Source archives:
      Size/MD5:  1538312 e1d8c3fe8f56021c4c12d8c334412f0b
      Size/MD5:     2347 8ede599bb24182293c4d6151c3f5c34a
      Size/MD5:  2882517 cc8e5c53cd0943ce0b5e1087356ad4ea

  Architecture independent packages:
      Size/MD5:   522198 b5ee6b912defe13e6899cba856c03836
      Size/MD5:   525996 063bf23bee428827de152998fce3855f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  5561644 edb933283a0b70dd78c9be26b6d23dbb
      Size/MD5: 15315074 0db6f32bbdc1cfd4f61ebb3ede83bf67
      Size/MD5:   664354 359aff3615bb4c929a23e3f7d34b0817
      Size/MD5:  1202962 01e84db943a506d3e449ec7198be115c
      Size/MD5:  1096030 409378f2fd83bf1db66383bd30f80c4d

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  5246496 17d4a818b64e265f244a0110d027a33d
      Size/MD5: 15173598 dbadcbf9c428b908f074f29b9687fb1f
      Size/MD5:   664386 c8b2ffd0f0ae892fd792d71b11f29658
      Size/MD5:  1166874 2d6b53c0113f91db83d0497d878fccb4
      Size/MD5:  1065500 17fddc68c95dbfdce3d74812a707eca3

  armel architecture (ARM Architecture):
      Size/MD5:  5262734 38a9be4a1b9a2cedaa9c9eb3c16c79b5
      Size/MD5: 15518084 b8c34a059e680d8e6277bfd413dd95b3
      Size/MD5:   667334 a37e1a557224328422e4bbe989f831e3
      Size/MD5:  1169838 945c88bfb26e32c828bccc72f4fe0ad3
      Size/MD5:  1069910 444e4fde0cabe6ec435c539fdb7fd87b

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  5615034 3462d60a1c4d7b2510ca5721a0ea6726
      Size/MD5: 15747518 a38d8e6c790a1c2beb528a0b8c7a92ce
      Size/MD5:   664372 9e5f5e9164c8537092faeab594f21083
      Size/MD5:  1220492 88d7ed99069a33560387e93f8e3d3b29
      Size/MD5:  1109338 63407bf75988c92d4279229280591ce6

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
CryptoWall’s Haul: $1M in Six Months
A Google Site Meant to Protect You Is Helping Hackers Attack You
The Main Suspect Blamed For The Jennifer Lawrence Nude Leak Says He Is Innocent
Inside Google's Secret Drone-Delivery Program
Hackers Build a Skype That’s Not Controlled by Microsoft
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.