Scientific Linux Security Update : dovecot on SL6.x i386/x86_64

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Two flaws were found in the way some settings were enforced by the
script-login functionality of Dovecot. A remote, authenticated user
could use these flaws to bypass intended access restrictions or
conduct a directory traversal attack by leveraging login scripts.
(CVE-2011-2166, CVE-2011-2167)

A flaw was found in the way Dovecot performed remote server identity
verification, when it was configured to proxy IMAP and POP3
connections to remote hosts using TLS/SSL protocols. A remote attacker
could use this flaw to conduct man-in-the-middle attacks using an
X.509 certificate issued by a trusted Certificate Authority (for a
different name). (CVE-2011-4318)

This update also fixes the following bug :

- When a new user first accessed their IMAP inbox, Dovecot
was, under some circumstances, unable to change the
group ownership of the inbox directory in the user's
Maildir location to match that of the user's mail spool
(/var/mail/$USER). This correctly generated an 'Internal
error occurred' message. However, with a subsequent
attempt to access the inbox, Dovecot saw that the
directory already existed and proceeded with its
operation, leaving the directory with incorrectly set
permissions. This update corrects the underlying
permissions setting error. When a new user now accesses
their inbox for the first time, and it is not possible
to set group ownership, Dovecot removes the created
directory and generates an error message instead of
keeping the directory with incorrect group ownership.

After installing the updated packages, the dovecot service will be
restarted automatically.

See also :

http://www.nessus.org/u?6b5c721a

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 65009 ()

Bugtraq ID:

CVE ID: CVE-2011-2166
CVE-2011-2167
CVE-2011-4318