Full Disclosure mailing list archives
[PLSA 2008-64] Dovecot: Multiple Vulnerabilities
From: Pınar Yanardağ <pinar () pardus org tr>
Date: Fri, 07 Nov 2008 09:29:42 +0200
Pardus Linux Security Advisory 2008-64 security () pardus org tr ------------------------------------------------------------------------ Date: 2008-11-07 Severity: 2 Type: Remote ------------------------------------------------------------------------ Summary ======= The invalid message address parsing bug is pretty important since it allows a remote user to send broken mail headers and prevent the recipient from accessing the mailbox afterwards, because the process will always just crash trying to parse the header. Description =========== This is assuming that the IMAP client uses FETCH ENVELOPE command, not all do. Affected packages: Pardus 2008: dovecot, all before 1.1.6-18-3 Resolution ========== There are update(s) for dovecot. You can update them via Package Manager or with a single command from console: pisi up dovecot References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=8572 ------------------------------------------------------------------------ -- Pardus Security Team http://security.pardus.org.tr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [PLSA 2008-64] Dovecot: Multiple Vulnerabilities Pınar Yanardağ (Nov 06)