This test, Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities was a finding on my server.

It stated that the following versions were affected:

    Dovecot versions 1.0 before 1.0.4 and 1.1 before 1.1.7

It states the solution to:

    Apply the patch or upgrade to Dovecot version 1.1.4 or 1.1.7
    http://www.dovecot.org/download.html
    http://hg.dovecot.org/dovecot-sieve-1.1/rev/049f22520628
    http://hg.dovecot.org/dovecot-sieve-1.1/rev/4577c4e1130d

The Dovecot Version Detection check identified the version as:

    Dovecot version 1 running at location /usr/libexec/dovecotstdin: was detected on the host
    Version used: $Revision: 1040 $

However, running the following command on the server returns the following:

    root@bh01 [~]# dovecot --version
    2.2.16

2.2.16 is drastically different than the 1040 or 1.0.4 identified.

1. Should the tests be altered to state Dovecot Sieve Plugin in place of Dovecot Version?

2. I am also confused as the guidance says apply the patch OR upgrade to Dovecot version 1.1.4 or 1.1.7. My Dovecot Version is 2.2.16, so why would this check fail?
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
