Ubuntu 838-1: Dovecot vulnerabilities

    Date28 Sep 2009
    CategoryUbuntu
    50
    Posted ByLinuxSecurity Advisories
    It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the indended access restrictions. This only affected Ubuntu 8.04 LTS. (CVE-2008-4577) [More...]
    ===========================================================
    Ubuntu Security Notice USN-838-1         September 28, 2009
    dovecot vulnerabilities
    CVE-2008-4577, CVE-2008-5301, CVE-2009-2632, CVE-2009-3235
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    Ubuntu 9.04
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 8.04 LTS:
      dovecot-common                  1:1.0.10-1ubuntu5.2
    
    Ubuntu 8.10:
      dovecot-common                  1:1.1.4-0ubuntu1.3
    
    Ubuntu 9.04:
      dovecot-common                  1:1.1.11-0ubuntu4.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    It was discovered that the ACL plugin in Dovecot would incorrectly handle
    negative access rights. An attacker could exploit this flaw to access the
    Dovecot server, bypassing the indended access restrictions. This only
    affected Ubuntu 8.04 LTS. (CVE-2008-4577)
    
    It was discovered that the ManageSieve service in Dovecot incorrectly
    handled ".." in script names. A remote attacker could exploit this to read
    and modify arbitrary sieve files on the server. This only affected Ubuntu
    8.10. (CVE-2008-5301)
    
    It was discovered that the Sieve plugin in Dovecot incorrectly handled
    certain sieve scripts. An authenticated user could exploit this with a
    crafted sieve script to cause a denial of service or possibly execute
    arbitrary code. (CVE-2009-2632, CVE-2009-3235)
    
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.10-1ubuntu5.2.diff.gz
          Size/MD5:   407785 8bab610c8eaa3d584251f43f589458ef
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.10-1ubuntu5.2.dsc
          Size/MD5:     1295 381a3267d0258419fee8f054ee5bcd13
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.10.orig.tar.gz
          Size/MD5:  1797790 c050fa2a7dae8984d432595e3e8183e1
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.10-1ubuntu5.2_amd64.deb
          Size/MD5:  1838902 c0bd69b04f49b20bdbe7e2c830660e04
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu5.2_amd64.deb
          Size/MD5:   387834 b6a474d722d36ca98e2790954304d249
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubuntu5.2_amd64.deb
          Size/MD5:   662814 ab6309638125fabe5752177671b3f8b3
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubuntu5.2_amd64.deb
          Size/MD5:   625852 ce40fd95a9dc4bcc60c1b0c473a5e117
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.10-1ubuntu5.2_i386.deb
          Size/MD5:  1695832 b1c5df762f681ee1c6ab3a9903ff367a
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu5.2_i386.deb
          Size/MD5:   387848 d00535e76b28f9622ea77c36c69b808d
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubuntu5.2_i386.deb
          Size/MD5:   629748 61cb4fda4aa29fce1bf326522bbb2dda
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubuntu5.2_i386.deb
          Size/MD5:   596084 d97fb54aba0f43f014f9e1dfd6404456
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.0.10-1ubuntu5.2_lpia.deb
          Size/MD5:  1689932 e20d72de31679d4698caaa2d3fd92ebb
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu5.2_lpia.deb
          Size/MD5:   387846 34903b7cdb220e85978c6483c7f09848
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubuntu5.2_lpia.deb
          Size/MD5:   630210 7238a78a55f787251facd75cc3a15539
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubuntu5.2_lpia.deb
          Size/MD5:   596564 f969a0ee5a2de65dee4e81de9c103622
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.0.10-1ubuntu5.2_powerpc.deb
          Size/MD5:  1859284 96619941551bb690e56d6604972370da
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu5.2_powerpc.deb
          Size/MD5:   387880 cf175dd90cf5b677f55106c4e680ed9b
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubuntu5.2_powerpc.deb
          Size/MD5:   669752 2b3b052e0d9703b41886c57793e7d1d6
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubuntu5.2_powerpc.deb
          Size/MD5:   633286 d87398d7e70d3eaf53e2c6fdd8652c5b
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.0.10-1ubuntu5.2_sparc.deb
          Size/MD5:  1688040 38f3316086f8e23d3894a3391d5e1a4d
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.0.10-1ubuntu5.2_sparc.deb
          Size/MD5:   387864 ddb730f73fa997e160fc5cecb33849fa
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.0.10-1ubuntu5.2_sparc.deb
          Size/MD5:   626886 6f8101225f556210c487c1b893aa639e
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.0.10-1ubuntu5.2_sparc.deb
          Size/MD5:   593772 ea19773a3574702074ae05e30bdb248a
    
    Updated packages for Ubuntu 8.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.4-0ubuntu1.3.diff.gz
          Size/MD5:   928070 e0aa195d3428177fe9411548751772bd
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.4-0ubuntu1.3.dsc
          Size/MD5:     1631 9c08ffd5652cfb1773f44e124d13ca61
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.4.orig.tar.gz
          Size/MD5:  2314155 0050dd609cb456c8e52565a85373df28
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.3_amd64.deb
          Size/MD5:  3741952 0b0cfe3678735916771b36e5ec160e06
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.3_amd64.deb
          Size/MD5:   550040 1917dfa8998eb7ca66ca3976bda173e1
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.3_amd64.deb
          Size/MD5:   950536 17d646723188b605fa3a3049498fe4ff
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.3_amd64.deb
          Size/MD5:   905584 f387f84340a9504321524219474fa147
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.3_i386.deb
          Size/MD5:  3517356 7e0152635e337f3270880854fd6c9915
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.3_i386.deb
          Size/MD5:   550052 13bf7c6602410ef8f36e12a0ad9acfa2
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.3_i386.deb
          Size/MD5:   921792 417d56c7b938c795e55f49900e915b3b
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.3_i386.deb
          Size/MD5:   875792 09ff4ebec07209aa3a6c8e4948a9fdef
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.3_lpia.deb
          Size/MD5:  3462178 1069f6a2dba50c0ca051f6729d5b690c
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.3_lpia.deb
          Size/MD5:   550044 ff2f07f9bf2e2790dfa3a0bb179f9818
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.3_lpia.deb
          Size/MD5:   913898 a9b186e1376c95035149e03cb6304f06
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.3_lpia.deb
          Size/MD5:   869782 3100c863e91d39871bbef95eb90fc5d2
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.3_powerpc.deb
          Size/MD5:  3809458 549f771da3cc47778cf39cd136fb31ea
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.3_powerpc.deb
          Size/MD5:   550068 a7684b6f8de2bdc0779e3f1909a71ddd
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.3_powerpc.deb
          Size/MD5:   967808 ac60bc51b60709e87c16e1a89b4d86a4
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.3_powerpc.deb
          Size/MD5:   917878 1a97248a18f853868f79a647baddadf9
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.3_sparc.deb
          Size/MD5:  3504892 2f9769dba2217da279734406fc4f7598
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.3_sparc.deb
          Size/MD5:   550104 785e41269e14f2dc8259b4c50d7521f5
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.3_sparc.deb
          Size/MD5:   919240 32d5e97daaac4a485a73e1c2deb4b12a
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.3_sparc.deb
          Size/MD5:   872784 ba89567df97c5852802dee8664592440
    
    Updated packages for Ubuntu 9.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.11-0ubuntu4.1.diff.gz
          Size/MD5:   933389 e69b949ee26b6f2d59549c14f473ff36
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.11-0ubuntu4.1.dsc
          Size/MD5:     1655 55553d872f13646ee67923675ba5aeca
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.11.orig.tar.gz
          Size/MD5:  2362415 c973eb41aca79fb16630a16f0d84f765
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-postfix_1.1.11-0ubuntu4.1_all.deb
          Size/MD5:    22572 dc5219ed120e1541596d327ea3c5bb25
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.1.11-0ubuntu4.1_amd64.deb
          Size/MD5:  3708084 016223dc6893ecf7e87d269f49125e58
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1.11-0ubuntu4.1_amd64.deb
          Size/MD5:   565074 1d847edeba4f72d6bc849af74facb327
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.1.11-0ubuntu4.1_amd64.deb
          Size/MD5:   969828 7f4fae28f42007ddc221cb17a4698b46
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.1.11-0ubuntu4.1_amd64.deb
          Size/MD5:   925688 079c721b1076d1e0fbe207250acaac2f
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.1.11-0ubuntu4.1_i386.deb
          Size/MD5:  3489560 4891c8aaa08191613a910abca4004807
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1.11-0ubuntu4.1_i386.deb
          Size/MD5:   565088 205baabd1480d8dc192ad8664806d79f
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.1.11-0ubuntu4.1_i386.deb
          Size/MD5:   939976 51b85c21d6985a0179ae400f150bbc43
        http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.1.11-0ubuntu4.1_i386.deb
          Size/MD5:   896494 c509b3e8e4f33a7b89b09fe898aa0a26
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.11-0ubuntu4.1_lpia.deb
          Size/MD5:  3438158 00fd839575485921909b33205279f434
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.11-0ubuntu4.1_lpia.deb
          Size/MD5:   565062 3f97b5355509275f1e895a2f8f2548b1
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.11-0ubuntu4.1_lpia.deb
          Size/MD5:   932192 69836d9eb88460c42f5fdea61a6e70aa
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.11-0ubuntu4.1_lpia.deb
          Size/MD5:   890114 c23e4311d013a7416392a2c2c28c2144
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.11-0ubuntu4.1_powerpc.deb
          Size/MD5:  3780660 bab41c6fcbcdf7e2f39d32f27e090ec3
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.11-0ubuntu4.1_powerpc.deb
          Size/MD5:   565124 b3d5cc8886c6be0b4c538c3204cb6cef
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.11-0ubuntu4.1_powerpc.deb
          Size/MD5:   987250 7a018b6c36747bde9d1cff6eb79a7a5d
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.11-0ubuntu4.1_powerpc.deb
          Size/MD5:   938730 c3a8c128308f0b1212300a0a2121ca43
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.11-0ubuntu4.1_sparc.deb
          Size/MD5:  3473282 d20e674b6c5fff91f20a75182b836664
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.11-0ubuntu4.1_sparc.deb
          Size/MD5:   565124 d9abbe6098367fbdb0cb75c58197edab
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.11-0ubuntu4.1_sparc.deb
          Size/MD5:   936990 62c55214cbb59c52e6df64a599135b28
        http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.11-0ubuntu4.1_sparc.deb
          Size/MD5:   893462 c613a178367b122aa0a4ef525f9f55e8
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":53.49,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.63,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.88,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.