openSUSE 10 Security Update : dovecot (dovecot-5647)
Medium Nessus Plugin ID 34320
SynopsisThe remote openSUSE host is missing a security update.
DescriptionWhen configured with 'mail_extra_groups' dovecot potentially allowed users to read mail boxes of other users. This is not the case in the default configuration of on openSUSE (CVE-2008-1199).
By using tab characters in passwords remote attackers could potentially acquire unauthorized access (CVE-2008-1218).
Flaws in caching LDAP data could lead to users getting logged in with the wrong account (CVE-2007-6598).
SolutionUpdate the affected dovecot packages.