Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1059-1
Solution
Please Install the Updated Packages.
Insight
It was discovered that the ACL plugin in Dovecot would incorrectly propagate ACLs to new mailboxes. A remote authenticated user could possibly read new mailboxes that were created with the wrong ACL. (CVE-2010-3304)
It was discovered that the ACL plugin in Dovecot would incorrectly merge ACLs in certain circumstances. A remote authenticated user could possibly bypass intended access restrictions and gain access to mailboxes.
(CVE-2010-3706, CVE-2010-3707)
It was discovered that the ACL plugin in Dovecot would incorrectly grant the admin permission to owners of certain mailboxes. A remote authenticated user could possibly bypass intended access restrictions and gain access to mailboxes. (CVE-2010-3779)
It was discovered that Dovecot incorrecly handled the simultaneous disconnect of a large number of sessions. A remote authenticated user could use this flaw to cause Dovecot to crash, resulting in a denial of service.
(CVE-2010-3780)
Affected
dovecot vulnerabilities on Ubuntu 10.04 LTS ,
Ubuntu 10.10
Severity
Classification
-
CVE CVE-2010-3304, CVE-2010-3706, CVE-2010-3707, CVE-2010-3779, CVE-2010-3780 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
Related Vulnerabilities