A new security flaw has been found in the Dovecot software package that allows malicious users to compromise the system by crashing the vulnerable application.
Package:
Dovecot 1.x
Operating systems:
Ubuntu Linux 10.04, Ubuntu Linux 10.10, Ubuntu Linux 11.04
Severity:
3.7
Problem:
error in a program function
Exploitation:
remote
Impact:
denial of service (DoS)
Solution:
vendor patch
CVE:
CVE-2011-1929
Original advisory ID:
USN-1143-1
Source:
Ubuntu
Problem:
The flaw is caused by improper handling of the '\0' character in message header names.
Impact:
Malicious attackers can exploit the flaw to launch a denial-of-service attack.
Solution:
Updated packages that fix the described flaw have been released, and all users are advised to apply them.
==========================================================================
Ubuntu Security Notice USN-1143-1
June 02, 2011
dovecot vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
An attacker could send a crafted email message that could disrupt email
service.
Software Description:
- dovecot: IMAP and POP3 email server
Details:
It was discovered that the message header parser in Dovecot did not
properly handle '\0' characters in header names. This could allow a
remote attacker to cause a denial of service through a crafted email
message by crashing the Dovecot daemon or corrupting mailboxes.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
dovecot-common 1:1.2.15-3ubuntu2.1
Ubuntu 10.10:
dovecot-common 1:1.2.12-1ubuntu8.2
Ubuntu 10.04 LTS:
dovecot-common 1:1.2.9-1ubuntu6.4
In general, a standard system update will make all the necessary changes.
References:
CVE-2011-1929
Package Information:
https://launchpad.net/ubuntu/+source/dovecot/1:1.2.15-3ubuntu2.1
https://launchpad.net/ubuntu/+source/dovecot/1:1.2.12-1ubuntu8.2
https://launchpad.net/ubuntu/+source/dovecot/1:1.2.9-1ubuntu6.4
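Added example, not part of the Ubuntu notice or of Dovecot: a Python check that scans a raw message and reports header names containing a NUL byte (0x00, the '\0' character named in the CVE-2011-1929 description) or other bytes that RFC 5322 does not allow in a field name. The function name, the reason labels and the sample messages are constructed for illustration.

```python
import re

# RFC 5322 field names: printable US-ASCII (33-126) except ':'.
FIELD_NAME = re.compile(rb"[\x21-\x39\x3b-\x7e]+")

def suspicious_header_names(raw: bytes):
    """Return (line_number, reason, name) for every malformed header name.

    Only header *names* are inspected; a NUL in a header value or in the
    body is out of scope for this check.
    """
    findings = []
    for lineno, line in enumerate(raw.splitlines(), start=1):
        if not line:                      # first empty line ends the headers
            break
        if line[:1] in (b" ", b"\t"):     # folded continuation of a value
            continue
        if lineno == 1 and line.startswith(b"From "):  # mbox separator line
            continue
        name, colon, _value = line.partition(b":")
        name = name.rstrip(b" \t")        # obsolete syntax allows WSP before ':'
        if b"\x00" in name:
            findings.append((lineno, "nul", name))
        elif not colon:
            findings.append((lineno, "no-colon", name))
        elif not FIELD_NAME.fullmatch(name):
            findings.append((lineno, "illegal", name))
    return findings

# Constructed sample messages (not taken from any real mailbox).
SAMPLE_CLEAN = (b"From: a@example.org\r\nSubject: hello\r\n world\r\n"
                b"\r\nbody with \x00 inside\r\n")
SAMPLE_NUL_NAME = (b"From: a@example.org\r\nX-Te\x00st: 1\r\nSubject: hi\r\n"
                   b"\r\nbody\r\n")
SAMPLE_NUL_VALUE = b"Subject: a\x00b\r\n\r\nbody\r\n"

if __name__ == "__main__":
    for label, msg in (("clean", SAMPLE_CLEAN),
                       ("nul-in-name", SAMPLE_NUL_NAME),
                       ("nul-in-value", SAMPLE_NUL_VALUE)):
        print(label, suspicious_header_names(msg))
```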