Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20190923_DOVECOT_ON_SL6_X.NASLHistorySep 24, 2019 - 12:00 a.m.
Scientific Linux Security Update : dovecot on SL6.x i386/x86_64 (20190923)
2019-09-2400:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.614
Percentile
97.8%
- dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('compat.inc');
if (description)
{
script_id(129277);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/23");
script_cve_id("CVE-2019-11500");
script_name(english:"Scientific Linux Security Update : dovecot on SL6.x i386/x86_64 (20190923)");
script_set_attribute(attribute:"synopsis", value:
"The remote Scientific Linux host is missing one or more security
updates.");
script_set_attribute(attribute:"description", value:
"* dovecot: improper NULL byte handling in IMAP and ManageSieve
protocol parsers leads to out of bounds writes (CVE-2019-11500)");
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1909&L=SCIENTIFIC-LINUX-ERRATA&P=14616
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?405fcf74");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11500");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/29");
script_set_attribute(attribute:"patch_publication_date", value:"2019/09/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:dovecot");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:dovecot-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:dovecot-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:dovecot-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:dovecot-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:dovecot-pigeonhole");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Scientific Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL6", reference:"dovecot-2.0.9-22.el6_10.1")) flag++;
if (rpm_check(release:"SL6", reference:"dovecot-debuginfo-2.0.9-22.el6_10.1")) flag++;
if (rpm_check(release:"SL6", reference:"dovecot-devel-2.0.9-22.el6_10.1")) flag++;
if (rpm_check(release:"SL6", reference:"dovecot-mysql-2.0.9-22.el6_10.1")) flag++;
if (rpm_check(release:"SL6", reference:"dovecot-pgsql-2.0.9-22.el6_10.1")) flag++;
if (rpm_check(release:"SL6", reference:"dovecot-pigeonhole-2.0.9-22.el6_10.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot / dovecot-debuginfo / dovecot-devel / dovecot-mysql / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | dovecot | p-cpe:/a:fermilab:scientific_linux:dovecot |
| fermilab | scientific_linux | dovecot-debuginfo | p-cpe:/a:fermilab:scientific_linux:dovecot-debuginfo |
| fermilab | scientific_linux | dovecot-devel | p-cpe:/a:fermilab:scientific_linux:dovecot-devel |
| fermilab | scientific_linux | dovecot-mysql | p-cpe:/a:fermilab:scientific_linux:dovecot-mysql |
| fermilab | scientific_linux | dovecot-pgsql | p-cpe:/a:fermilab:scientific_linux:dovecot-pgsql |
| fermilab | scientific_linux | dovecot-pigeonhole | p-cpe:/a:fermilab:scientific_linux:dovecot-pigeonhole |
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
Related
oraclelinux
oraclelinux
dovecot security update
2019-09-23 00:00:00
dovecot security update
2019-09-20 00:00:00
dovecot security update
2019-09-23 00:00:00
ubuntucve
ubuntucve
CVE-2019-11500
2019-08-28 00:00:00
freebsd
freebsd
Dovecot -- improper input validation
2019-04-13 00:00:00
openvas
openvas
Dovecot < 2.2.36.4 and < 2.3.7.2 Heap Overflow Vulnerability
2019-08-30 00:00:00
Debian: Security Advisory (DLA-1901-1)
2019-08-30 00:00:00
Ubuntu: Security Advisory (USN-4110-4)
2022-08-26 00:00:00
alpinelinux
alpinelinux
CVE-2019-11500
2019-08-29 14:15:11
osv
osv
CVE-2019-11500
2019-08-29 14:15:11
dovecot - security update
2019-08-29 00:00:00
dovecot - security update
2019-08-28 00:00:00
ubuntu
ubuntu
Dovecot vulnerability
2019-08-28 00:00:00
Dovecot regression
2019-08-28 00:00:00
Dovecot regression
2019-08-28 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : dovecot (EulerOS-SA-2019-2243)
2019-11-08 00:00:00
Scientific Linux Security Update : dovecot on SL7.x x86_64 (20190920)
2019-09-23 00:00:00
NewStart CGSL MAIN 4.06 : dovecot Vulnerability (NS-SA-2019-0211)
2019-12-06 00:00:00
redhat
redhat
(RHSA-2019:2836) Important: dovecot security update
2019-09-20 08:22:52
(RHSA-2019:2822) Important: dovecot security update
2019-09-20 01:37:54
(RHSA-2019:2885) Important: dovecot security update
2019-09-23 19:48:53
debian
debian
[SECURITY] [DSA 4510-1] dovecot security update
2019-08-28 12:15:27
[SECURITY] [DSA 4510-1] dovecot security update
2019-08-28 12:15:27
[SECURITY] [DLA 1901-1] dovecot security update
2019-08-29 19:02:49
checkpoint_advisories
checkpoint_advisories
Dovecot And Pigeonhole Remote Code Execution (CVE-2019-11500)
2020-03-01 00:00:00
cve
cve
CVE-2019-11500
2019-08-29 14:15:11
archlinux
archlinux
[ASA-201908-18] dovecot: arbitrary code execution
2019-08-28 00:00:00
[ASA-201908-19] pigeonhole: arbitrary code execution
2019-08-28 00:00:00
centos
centos
dovecot security update
2019-09-27 12:11:33
dovecot security update
2019-09-26 13:00:35
amazon
amazon
Important: dovecot
2019-11-04 22:10:00
nvd
nvd
CVE-2019-11500
2019-08-29 14:15:11
veracode
veracode
Remote Code Execution (RCE)
2019-09-21 00:17:27
debiancve
debiancve
CVE-2019-11500
2019-08-29 14:15:11
prion
prion
Remote code execution
2019-08-29 14:15:00
fedora
fedora
[SECURITY] Fedora 31 Update: dovecot-2.3.7.2-1.fc31
2019-09-14 16:38:16
[SECURITY] Fedora 29 Update: dovecot-2.3.7.2-1.fc29
2019-09-06 12:59:59
[SECURITY] Fedora 30 Update: dovecot-2.3.7.2-1.fc30
2019-08-30 14:21:41
redhatcve
redhatcve
CVE-2019-11500
2019-10-10 05:23:44
cvelist
cvelist
CVE-2019-11500
2019-08-29 13:51:46
altlinux
altlinux
mageia
mageia
Updated dovecot packages fix security vulnerability
2019-09-08 17:09:05
gentoo
gentoo
Dovecot: Multiple vulnerabilities
2019-08-31 00:00:00
suse
suse
Security update for dovecot23 (important)
2019-10-07 00:00:00
Security update for dovecot23 (important)
2019-10-07 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.614
Percentile
97.8%
Related for SL_20190923_DOVECOT_ON_SL6_X.NASL