ID de Prueba:	1.3.6.1.4.1.25623.1.0.122524
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2009-0205)
Resumen:	The remote host is missing an update for the 'dovecot' package(s) announced via the ELSA-2009-0205 advisory.
Descripción:	Summary: The remote host is missing an update for the 'dovecot' package(s) announced via the ELSA-2009-0205 advisory. Vulnerability Insight: [1.0.7-7] - permissions of deliver and dovecot.conf from 1.0.7-5 reverted - password can be stored in different file readable only for root now - Resolves: #436287, CVE-2008-4870 [1.0.7-6] - added missing directory in file list - Resolves: #436287 [1.0.7-5] - change permissions of deliver and dovecot.conf to prevent possible password ex posure - Resolves: #436287 [1.0.7-4] - fix handling of negative rights in the ACL plugin - Resolves: #469015, CVE-2008-4577 [1.0.7-3] - fix package ownership for /etc/pki/dovecot/private (#448089) - update init script (#238016) - ask for SSL cert password during start-up (#436287) - fix for illegal characters in passwd (#439369) - Resolves: #448089, #238016, #436287, #439369 Affected Software/OS: 'dovecot' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4577 31587 http://www.securityfocus.com/bid/31587 32164 http://secunia.com/advisories/32164 32471 http://secunia.com/advisories/32471 33149 http://secunia.com/advisories/33149 33624 http://secunia.com/advisories/33624 36904 http://secunia.com/advisories/36904 ADV-2008-2745 http://www.vupen.com/english/advisories/2008/2745 FEDORA-2008-9202 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html FEDORA-2008-9232 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html GLSA-200812-16 http://security.gentoo.org/glsa/glsa-200812-16.xml MDVSA-2008:232 http://www.mandriva.com/security/advisories?name=MDVSA-2008:232 RHSA-2009:0205 http://www.redhat.com/support/errata/RHSA-2009-0205.html SUSE-SR:2009:004 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html USN-838-1 http://www.ubuntu.com/usn/USN-838-1 [Dovecot-news] 20081005 v1.1.4 released http://www.dovecot.org/list/dovecot-news/2008-October/000085.html http://bugs.gentoo.org/show_bug.cgi?id=240409 oval:org.mitre.oval:def:10376 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376 Common Vulnerability Exposure (CVE) ID: CVE-2008-4870 http://www.openwall.com/lists/oss-security/2008/10/29/10 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10776 XForce ISS Database: dovecot-dovecot-information-disclosure(46323) https://exchange.xforce.ibmcloud.com/vulnerabilities/46323
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.