Dovecot Service Control Access List Security Bypass Vulnerability
BID:39258
Info
| Bugtraq ID: | 39258 |
| Class: | Design Error |
| CVE: | CVE-2010-0535 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2010 12:00AM |
| Updated: | Mar 29 2010 12:00AM |
| Credit: | Apple |
| Vulnerable: |
Dovecot Dovecot 1.2.8
Dovecot Dovecot 1.2.7
Dovecot Dovecot 1.1.6
Dovecot Dovecot 1.1.5
Dovecot Dovecot 1.1.4
Dovecot Dovecot 1.0.15
Dovecot Dovecot 1.0.13
Dovecot Dovecot 1.0.12
Dovecot Dovecot 1.0.11
Dovecot Dovecot 1.0.10
Dovecot Dovecot 1.0.9
Dovecot Dovecot 1.0.8
Dovecot Dovecot 1.0.7
Dovecot Dovecot 1.0.6
Dovecot Dovecot 1.0.5
Dovecot Dovecot 1.0.4
Dovecot Dovecot 1.0.3
Dovecot Dovecot 1.2
Dovecot Dovecot 1.1rc3
Dovecot Dovecot 1.1rc2
Dovecot Dovecot 1.0.RC9
Dovecot Dovecot 1.0.RC8
Dovecot Dovecot 1.0.RC7
Dovecot Dovecot 1.0.RC6
Dovecot Dovecot 1.0.RC5
Dovecot Dovecot 1.0.RC4
Dovecot Dovecot 1.0.RC3
Dovecot Dovecot 1.0.RC2
Dovecot Dovecot 1.0.RC15
Dovecot Dovecot 1.0.RC14
Dovecot Dovecot 1.0.RC13
Dovecot Dovecot 1.0.RC12
Dovecot Dovecot 1.0.RC11
Dovecot Dovecot 1.0.RC10
Dovecot Dovecot 1.0.Beta3
Dovecot Dovecot 1.0.Beta2
Dovecot Dovecot 1.0 rc29
Dovecot Dovecot 1.0 Rc1
Dovecot Dovecot 1.0 Beta8
Dovecot Dovecot 1.0 Beta7
Dovecot Dovecot 1.0
Apple Mac OS X Server 10.6.2
Apple Mac OS X Server 10.6.1
Apple Mac OS X Server 10.6
Apple Mac OS X 10.6.2
Apple Mac OS X 10.6.1
Apple Mac OS X 10.6 |
| Not Vulnerable: |
Apple Mac OS X Server 10.6.3
Apple Mac OS X 10.6.3 |
Discussion
Dovecot is prone to a security-bypass vulnerability.
An authenticated attacker may perform unauthorized email actions.
NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent
information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released updates. Please see the references for more information.
Apple Mac OS X Server 10.6
- Apple MacOSXServerUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.6.1
- Apple MacOSXServerUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.6.2
- Apple MacOSXServerUpd10.6.3.dmg
  http://www.apple.com/support/downloads/
References
References:
- Dovecot Homepage (Dovecot)