Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: rPSA-2008-0001-1 dovecot
From: Dominic Hargreaves <dom () earth li>
Date: Thu, 3 Jan 2008 20:23:45 +0000
On Thu, Jan 03, 2008 at 01:33:39PM -0500, rPath Update Announcements wrote:


rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2076

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6598


This CVE does not exist - do you mean
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794
?


Description:
    Previous versions of the dovecot package contain multiple
    vulnerabilities, the most serious of which might confuse
    LDAP-authenticated logins between different users with the
    same password.  Other vulnerabilities include Denials of
    Service which appear to be limited to the connecting user.

http://wiki.rpath.com/Advisories:rPSA-2008-0001


This is rather misleading - the bug was not in Dovecot, but in nss_ldap.
You may have put a workaround into Dovecot, but it would have been
polite to mention this fact.

Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]