Ubuntu Update For Dovecot Vulnerabilities USN-593-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-593-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that the default configuration of dovecot could allow access to any email files with group &quot mail&quot without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. (CVE-2008-1199) By default, dovecot passed special characters to the underlying authentication systems. While Ubuntu releases of dovecot are not known to be vulnerable, the authentication routine was proactively improved to avoid potential future problems. (CVE-2008-1218)

Affected

dovecot vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 6.10 , Ubuntu 7.04 , Ubuntu 7.10

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-March/000682.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-1199, CVE-2008-1218
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for dovecot vulnerabilities USN-593-1

Take action and discover your vulnerabilities