Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:104 (dovecot)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67431

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:104 (dovecot)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to dovecot
announced via advisory MDVSA-2010:104.

A vulnerability was discovered and corrected in dovecot:

Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows
remote attackers to cause a denial of service (CPU consumption)
via long headers in an e-mail message (CVE-2010-0745).

This update provides dovecot 1.2.11 which is not vulnerable to this
issue and also holds many bugfixes as well.

Affected: 2010.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:104
http://www.dovecot.org/list/dovecot-news/2010-March/000152.html

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0745
ADV-2010-1107
http://www.vupen.com/english/advisories/2010/1107
ADV-2010-1226
http://www.vupen.com/english/advisories/2010/1226
MDVSA-2010:104
http://www.mandriva.com/security/advisories?name=MDVSA-2010:104
SUSE-SR:2010:011
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
[dovecot-news] 20100308 v1.2.11 released
http://dovecot.org/list/dovecot-news/2010-March/000152.html
[dovecot] 20100227 Possible CPU Denial-Of-Service attack to dovecot IMAP.
http://dovecot.org/pipermail/dovecot/2010-February/047190.html
[oss-security] 20100310 CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header
http://www.openwall.com/lists/oss-security/2010/03/10/6
[oss-security] 20100401 Re: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header
http://marc.info/?l=oss-security&m=127013715227551&w=2
http://security-tracker.debian.org/tracker/CVE-2010-0745
https://bugzilla.redhat.com/show_bug.cgi?id=572268

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67431
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:104 (dovecot)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to dovecot announced via advisory MDVSA-2010:104. A vulnerability was discovered and corrected in dovecot: Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message (CVE-2010-0745). This update provides dovecot 1.2.11 which is not vulnerable to this issue and also holds many bugfixes as well. Affected: 2010.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:104 http://www.dovecot.org/list/dovecot-news/2010-March/000152.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0745 ADV-2010-1107 http://www.vupen.com/english/advisories/2010/1107 ADV-2010-1226 http://www.vupen.com/english/advisories/2010/1226 MDVSA-2010:104 http://www.mandriva.com/security/advisories?name=MDVSA-2010:104 SUSE-SR:2010:011 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html [dovecot-news] 20100308 v1.2.11 released http://dovecot.org/list/dovecot-news/2010-March/000152.html [dovecot] 20100227 Possible CPU Denial-Of-Service attack to dovecot IMAP. http://dovecot.org/pipermail/dovecot/2010-February/047190.html [oss-security] 20100310 CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header http://www.openwall.com/lists/oss-security/2010/03/10/6 [oss-security] 20100401 Re: CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header http://marc.info/?l=oss-security&m=127013715227551&w=2 http://security-tracker.debian.org/tracker/CVE-2010-0745 https://bugzilla.redhat.com/show_bug.cgi?id=572268
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com