Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <c4d5a641-e25e-d39a-5911-c70eed7ac229@dovecot.fi>
Date: Wed, 12 Feb 2020 14:05:02 +0200
From: Aki Tuomi <aki.tuomi@...ecot.fi>
To: oss-security <oss-security@...ts.openwall.com>,
 full-disclosure <full-disclosure@...ts.openwall.com>
Subject: CVE-2020-7046: Dovecot: Truncated UTF-8 can be used to DoS submission-login
 and lmtp processes

Open-Xchange Security Advisory 2020-02-12

Affected product: Dovecot Core
Internal reference: DOV-3744 (JIRA ID)
Vulnerability type: Improper Input Validation (CWE-30)
Vulnerable version: 2.3.9
Vulnerable component: submission-login, lmtp
Fixed version: 2.3.9.3
Report confidence: Confirmed
Solution status: Fixed
Researcher credits: Open-Xchange oy
Vendor notification: 2020-01-14
CVE reference: CVE-2020-7046
CVSS: 7.5 (CVSS3.1:AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Vulnerability Details:

lib-smtp doesn't handle truncated command parameters properly, resulting
in infinite loop taking 100% CPU for the process. This happens for LMTP
(where it doesn't matter so much) and also for submission-login where
unauthenticated users can trigger it.

Risk:

Attacker can cause submission-login and lmtp processes to be exhausted,
leading into denial of service and CPU resource exhaustion.

Solution:

Upgrade to 2.3.9.3.




Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.