Arch Linux update for dovecot



Published: 2020-05-19
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2020-10957
CVE-2020-10958
CVE-2020-10967
CWE ID CWE-476
CWE-416
CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software
Subscribe
Arch Linux
Operating systems & Components / Operating system

Vendor Arch Linux

Security Advisory

1) NULL pointer dereference

Risk: Medium

CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-10957

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes [Search exploit]

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing NOOP command. A remote attacker can send a specially crafted NOOP command to submission, submission-login or lmtp service, trigger a NULL pointer dereference and perform a denial of service attack.

PoC command:

``NOOP EE"FY``

Mitigation

Update the affected package dovecot to version 2.3.10.1-1.

Vulnerable software versions

Arch Linux: -

CPE External links

https://security.archlinux.org/advisory/ASA-202005-9

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Use-after-free

Risk: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-10958

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when processing newline characters. A remote attacker can a specially crafted command to submission, submission-login or lmtp service and perform a denial of service (DoS) attack.

Mitigation

Update the affected package dovecot to version 2.3.10.1-1.

Vulnerable software versions

Arch Linux: -

CPE External links

https://security.archlinux.org/advisory/ASA-202005-9

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

Risk: Medium

CVSSv3: 6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-10967

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: Yes [Search exploit]

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input passed via email message. A remote attacker can send a specially crafted email with empty quoted localpart and crash the submission or lmtp service.

PoC:

Send mail with envelope sender or recipient as ``<""@example.org>``.

Mitigation

Update the affected package dovecot to version 2.3.10.1-1.

Vulnerable software versions

Arch Linux: -

CPE External links

https://security.archlinux.org/advisory/ASA-202005-9

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.