well. can you give oid number of script? what os distribution you are running? is this authenicated scan?
-- Eero 2015-09-19 5:27 GMT+03:00 Walter York <[email protected]>: > This test, Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities > was a finding on my server. > > It stated that the following versions were affected: > Dovecot versions 1.0 before 1.0.4 and 1.1 before 1.1.7 > > It states the solution to: > Apply the patch or upgrade to Dovecot version 1.1.4 or 1.1.7 > http://www.dovecot.org/download.html > http://hg.dovecot.org/dovecot-sieve-1.1/rev/049f22520628 > http://hg.dovecot.org/dovecot-sieve-1.1/rev/4577c4e1130d > > The Dovecot Version Detection check identified the version as: > Dovecot version 1 running at location /usr/libexec/dovecot > stdin: was detected on the host > Version used: $Revision: 1040 $ > > However, running the following command on the server returns the following: > root@bh01 [~]# dovecot --version > 2.2.16 > > 2.2.16 is drastically different than the 1040 or 1.0.4 identified. > > 1. *Should the tests be altered to state Dovecot Sieve Plugin in place > of Dovecot Version*? > > 2. *I am also confused as the guidance says apply the patch OR upgrade > to Dovecot version 1.1.4 or 1.1.7. My Dovecot Version is 2.2.16, so why > would this check fail*? > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
