The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3122 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3122-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                         Anton Gladky     September 27, 2022                            https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : dovecot     Version        : 1:2.3.4.1-5+deb10u7     CVE ID         : CVE-2021-33515 CVE-2022-30550

    Two security issues were discovered in dovecot: IMAP and POP3 email server.

    CVE-2021-33515

        The submission service in Dovecot before 2.3.15 allows STARTTLS command         injection in lib-smtp. Sensitive information can be redirected to an         attacker-controlled address.

    CVE-2022-30550

        When two passdb configuration entries exist with the same driver and args         settings, incorrectly applied settings can lead to an unintended security         configuration and can permit privilege escalation in certain configurations.

    For Debian 10 buster, these problems have been fixed in version     1:2.3.4.1-5+deb10u7.

    We recommend that you upgrade your dovecot packages.

    For the detailed security status of dovecot please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/dovecot

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3122 : dovecot-auth-lua - security update

high Nessus Plugin ID 165510

Version 1.3