Secunia Logo
Netsikker nu! 2008
 Vulnerability IntelligenceVulnerability ScanningBlog - new entry!Corporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Intelligence > Secunia Advisories > Debian update for dovecot
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists & RSS
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About
 
Debian update for dovecot
Secunia Advisory: SA29385
Advisory Toolbox:
Issue ticket
Save in to-do list
Mark as handled
Exploit information
Download as PDF
Review actions
Add comment
Release Date: 2008-03-17
Popularity: 2,346 views

Critical:
Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Partial Fix

OS:Debian GNU/Linux 3.1
Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid
Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2008-1199
CVE-2008-1218
Description:
Debian has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

For more information:
SA29295

Solution:
Apply updated packages.

Note: This update may require further manual action. Please see the vendor's advisory for details.

-- Debian GNU/Linux 3.1 alias sarge --

The vendor recommends upgrading to Debian 4.0.

-- Debian GNU/Linux 4.0 alias etch --

Source archives:

http://security.debian.org/pool/updat...d/dovecot/dovecot_1.0.rc15-2etch4.dsc
Size/MD5 checksum: 1300 8146ccf246ed64e1ac8c0127489ec798
http://security.debian.org/pool/updat.../dovecot/dovecot_1.0.rc15.orig.tar.gz
Size/MD5 checksum: 1463069 26f3d2b075856b1b1d180146363819e6
http://security.debian.org/pool/updat...vecot/dovecot_1.0.rc15-2etch4.diff.gz
Size/MD5 checksum: 102991 21959fc45cf0f8932fa9eb890791ff39

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updat...vecot-pop3d_1.0.rc15-2etch4_alpha.deb
Size/MD5 checksum: 583482 a0d18885da096140ceb4110d525569d4
http://security.debian.org/pool/updat...ecot-common_1.0.rc15-2etch4_alpha.deb
Size/MD5 checksum: 1379844 6103bce830848d3f9bb4347f5c9b94f0
http://security.debian.org/pool/updat...vecot-imapd_1.0.rc15-2etch4_alpha.deb
Size/MD5 checksum: 621320 48127903af1fe2130cb84c57e5a607ff

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updat...ecot-common_1.0.rc15-2etch4_amd64.deb
Size/MD5 checksum: 1222430 1c2e1ffeb6bf745ed88cde01c62d264a
http://security.debian.org/pool/updat...vecot-pop3d_1.0.rc15-2etch4_amd64.deb
Size/MD5 checksum: 536634 4f64ed0cc16510e9c3d709342b3c57ca
http://security.debian.org/pool/updat...vecot-imapd_1.0.rc15-2etch4_amd64.deb
Size/MD5 checksum: 569588 c17bac715f188f55ae20e5a3c95109b1

arm architecture (ARM)

http://security.debian.org/pool/updat...ovecot-common_1.0.rc15-2etch4_arm.deb
Size/MD5 checksum: 1123030 47eb9fddcc68c2c213afa10c8e3d8747
http://security.debian.org/pool/updat...dovecot-pop3d_1.0.rc15-2etch4_arm.deb
Size/MD5 checksum: 506134 0f4d939f2cf68f4e5b01140c846e50bc
http://security.debian.org/pool/updat...dovecot-imapd_1.0.rc15-2etch4_arm.deb
Size/MD5 checksum: 537564 82310ae4e42406429f8ade7cbb81abf0

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updat...vecot-common_1.0.rc15-2etch4_hppa.deb
Size/MD5 checksum: 1298818 603d12284115b6349e1d0334263d2af0
http://security.debian.org/pool/updat...ovecot-pop3d_1.0.rc15-2etch4_hppa.deb
Size/MD5 checksum: 562192 413ac964849698428c1b08e9cc9075bc
http://security.debian.org/pool/updat...ovecot-imapd_1.0.rc15-2etch4_hppa.deb
Size/MD5 checksum: 598934 811c32b5c7e2009e5bf2f0ee0ea26859

i386 architecture (Intel ia32)

http://security.debian.org/pool/updat...vecot-common_1.0.rc15-2etch4_i386.deb
Size/MD5 checksum: 1133484 3bf26ab783ddffed0b3c5ee53225ba20
http://security.debian.org/pool/updat...ovecot-imapd_1.0.rc15-2etch4_i386.deb
Size/MD5 checksum: 546528 d53c11fd1c39870bd208d684e70e7551
http://security.debian.org/pool/updat...ovecot-pop3d_1.0.rc15-2etch4_i386.deb
Size/MD5 checksum: 514280 e85dcbcdd9b85f6e09cdeb4c82b47916

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updat...ovecot-imapd_1.0.rc15-2etch4_ia64.deb
Size/MD5 checksum: 793878 106fe266dd26373615772b4e3636a914
http://security.debian.org/pool/updat...ovecot-pop3d_1.0.rc15-2etch4_ia64.deb
Size/MD5 checksum: 737582 18b15162711b22a704d0ff1ff26e0261
http://security.debian.org/pool/updat...vecot-common_1.0.rc15-2etch4_ia64.deb
Size/MD5 checksum: 1701788 7535b0a3407f664efa66bcf86966ff85

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updat...ovecot-pop3d_1.0.rc15-2etch4_mips.deb
Size/MD5 checksum: 559520 96d7ff1bbd3a38fbdd3bd06b4bc939fb
http://security.debian.org/pool/updat...ovecot-imapd_1.0.rc15-2etch4_mips.deb
Size/MD5 checksum: 594680 41536feb8048183b78f0d1742278520c
http://security.debian.org/pool/updat...vecot-common_1.0.rc15-2etch4_mips.deb
Size/MD5 checksum: 1265800 a42823e1253c78709d5d1c18668d9b40

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updat...cot-common_1.0.rc15-2etch4_mipsel.deb
Size/MD5 checksum: 1268408 25c8582fea24e3174283066b7c8b6525
http://security.debian.org/pool/updat...ecot-imapd_1.0.rc15-2etch4_mipsel.deb
Size/MD5 checksum: 594912 264c368593a3fe7a9268aadee2ab1292
http://security.debian.org/pool/updat...ecot-pop3d_1.0.rc15-2etch4_mipsel.deb
Size/MD5 checksum: 558832 d2a20bbfe49d234d0f3c7911c17c9bfb

powerpc architecture (PowerPC)

http://security.debian.org/pool/updat...cot-imapd_1.0.rc15-2etch4_powerpc.deb
Size/MD5 checksum: 569772 e49cc25c54e4fa88217e0fa555de6039
http://security.debian.org/pool/updat...cot-pop3d_1.0.rc15-2etch4_powerpc.deb
Size/MD5 checksum: 536000 92330b2d1fa2ae8bf6c1b8f05cea3d59
http://security.debian.org/pool/updat...ot-common_1.0.rc15-2etch4_powerpc.deb
Size/MD5 checksum: 1212096 e2339d417408e14eba21b28684926a5b

s390 architecture (IBM S/390)

http://security.debian.org/pool/updat...ovecot-pop3d_1.0.rc15-2etch4_s390.deb
Size/MD5 checksum: 559786 3f7faca1fa56aa29a013068e14e7fada
http://security.debian.org/pool/updat...vecot-common_1.0.rc15-2etch4_s390.deb
Size/MD5 checksum: 1290186 5b8722445aab8b59ba15beae695e7f77
http://security.debian.org/pool/updat...ovecot-imapd_1.0.rc15-2etch4_s390.deb
Size/MD5 checksum: 595498 ad3af123ee9c10dece62ff7cf0e84b35

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updat...vecot-imapd_1.0.rc15-2etch4_sparc.deb
Size/MD5 checksum: 533482 576d0f5a1a733dad01c868095488afcf
http://security.debian.org/pool/updat...ecot-common_1.0.rc15-2etch4_sparc.deb
Size/MD5 checksum: 1108250 1ac8086c83312fec554abd74074cf7b2
http://security.debian.org/pool/updat...vecot-pop3d_1.0.rc15-2etch4_sparc.deb
Size/MD5 checksum: 501514 27d4aa890df60532d0a33167df7af219

-- Debian GNU/Linux unstable alias sid --

Fixed in version 1.0.13-1.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00081.html

Other References:
SA29295:
http://secunia.com/advisories/29295/

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

10th Oct, 2008
New advisories: 15
New vulnerabilities: 83
Updated advisories: 41

Moderately // 633 views
ScriptsEz Easy Image Downloader "id" File Disclosure Vulnerability
Moderately // 627 views
Built2go Real Estate Listings "event_id" SQL Injection
Highly // 899 views
Sun Java System Web Proxy Server FTP Subsystem Buffer Overflow
Moderately // 662 views
Red Hat update for cups
Highly // 667 views
DFF PHP Framework API "DFF_config[dir_incl ude]" File Inclusion Vulnerabilities
Not // 740 views
FUJITSU Interstage Products Apache Tomcat Security Bypass
Moderately // 988 views
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Moderately // 641 views
Fedora update for condor
Moderately // 1,020 views
CUPS Multiple Vulnerabilities
Not // 704 views
Gentoo Portage Insecure Python Module Search Path Security Issue

Solutions | More...  

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Sun Java System Web Proxy Server FTP Subsystem Buffer Overflow // 28 views
2. CA ARCserve Backup Multiple Vulnerabilities // 27 views
3. phpBB Avatar Script Insertion Vulnerability // 26 views
4. ScriptsEz Easy Image Downloader "id" File Disclosure Vulnerability // 24 views
5. phpBB "gen_rand_string()" Predictable RNG Weakness // 23 views
6. FUJITSU Interstage Products Apache Tomcat Security Bypass // 23 views
7. Red Hat update for cups // 22 views
8. Apple Mac OS X Security Update Fixes Multiple Vulnerabilities // 22 views
9. Opera Multiple Vulnerabilities // 22 views
10. DFF PHP Framework API "DFF_config[dir_include]" File Inclusion Vulnerabilities // 20 views



Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2008