Rapid7 Vulnerability & Exploit Database

RHSA-2011:1187: dovecot security update

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 05/24/2011
Created: 07/25/2018
Added: 08/29/2011
Modified: 07/04/2017

Description

Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind.

A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from downloading the message successfully and possibly leading to the corruption of their mailbox. (CVE-2011-1929)

Users of dovecot are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the dovecot service will be restarted automatically.

Solution(s)

  • redhat-upgrade-dovecot
  • redhat-upgrade-dovecot-debuginfo
  • redhat-upgrade-dovecot-devel
  • redhat-upgrade-dovecot-mysql
  • redhat-upgrade-dovecot-pgsql
  • redhat-upgrade-dovecot-pigeonhole
