Launchpad CVE tracker

CVE 2008-4907

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."

Related bugs and status

CVE-2008-4907 (Candidate) is related to these bugs:

Bug #164837: Dovecot SASL for postfix

Summary				In	Importance	Status
	164837	Dovecot SASL for postfix		dovecot (Ubuntu)	Low	Fix Released
	164837	Dovecot SASL for postfix		tasksel (Ubuntu)	Undecided	Invalid

Bug #264306: Panic: file sieve-cmu.c: line 88 (unfold_header): assertion failed: (str[i] == ' ' || str[i] == '\t')

Summary				In	Importance	Status
	264306	Panic: file sieve-cmu.c: line 88 (unfold_header): assertion failed: (str[i] == ' ' \|\| str[i] == '\t')		dovecot (Ubuntu)	Medium	Fix Released

Bug #290901: [SRU] for broken header parser

Summary				In	Importance	Status
	290901	[SRU] for broken header parser		dovecot (Ubuntu)	High	Fix Released
	290901	[SRU] for broken header parser		dovecot (Ubuntu Intrepid)	High	Fix Released

Bug #307291: Security hole in ManageSieve: Virtual users can edit scripts of other virtual users

Summary				In	Importance	Status
	307291	Security hole in ManageSieve: Virtual users can edit scripts of other virtual users		dovecot (Ubuntu)	Undecided	Fix Released
	307291	Security hole in ManageSieve: Virtual users can edit scripts of other virtual users		dovecot (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-4907

References