CVE-2008-4907

Published: 4 November 2008

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."

Priority

Status

Package	Release	Status
dovecot Launchpad, Ubuntu, Debian	dapper	Not vulnerable (1.1.4 and 1.1.5 only)
	gutsy	Not vulnerable (1.1.4 and 1.1.5 only)
	hardy	Not vulnerable (1.1.4 and 1.1.5 only)
	intrepid	Released (1:1.1.4-0ubuntu1.2)
	upstream	Released (1.1.6)

References

https://ubuntu.com/security/notices/USN-666-1
https://www.cve.org/CVERecord?id=CVE-2008-4907
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/290901

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›