Main Vulnerability Database SB2019050101

SB2019050101 - Multiple vulnerabilities in Dovecot

Published: May 1, 2019 Updated: May 6, 2019

Security Bulletin ID SB2019050101

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2019-11494)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within Submission-login when processing authentication. A remote attacker can unexpectedly abort the authentication process by disconnecting from the server during authentication and cause the software to crash.

2) Resource management error (CVE-ID: CVE-2019-11499)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect resource management error within the submission-login when processing incorrect authentication messages over TLS secure channel. A remote attacker can send an invalid authentication message and crash the service.

Remediation

Install update from vendor's website.

References

https://dovecot.org/doc/NEWS-2.3