Detections
Analytics
Scientific Linux Security Update : dovecot on SL6.x i386/x86_64
medium Nessus Plugin ID 61039
Language:
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind.A flaw was found in the way Dovecot handled SIGCHLD signals. If a large amount of IMAP or POP3 session disconnects caused the Dovecot master process to receive these signals rapidly, it could cause the master process to crash. (CVE-2010-3780)
A flaw was found in the way Dovecot processed multiple Access Control Lists (ACL) defined for a mailbox. In some cases, Dovecot could fail to apply the more specific ACL entry, possibly resulting in more access being granted to the user than intended. (CVE-2010-3707)
This update also adds the following enhancement :
- This erratum upgrades Dovecot to upstream version 2.0.9, providing multiple fixes for the 'dsync' utility and improving overall performance. Refer to the '/usr/share/doc/dovecot-2.0.9/ChangeLog' file after installing this update for further information about the changes. (BZ#637056)
Users of dovecot are advised to upgrade to these updated packages, which resolve these issues and add this enhancement. After installing the updated packages, the dovecot service will be restarted automatically.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 61039
File Name: sl_20110519_dovecot_on_SL6_x.nasl
Version: 1.5
Type: local
Agent: unix
Published: 8/1/2012
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.2
CVSS v2
Risk Factor: Medium
Base Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N
Vulnerability Information
CPE: x-cpe:/o:fermilab:scientific_linux
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Patch Publication Date: 5/19/2011
Reference Information
CVE: CVE-2010-3707, CVE-2010-3780