Multiple vulnerabilities in Dovecot



Published: 2020-08-13
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2020-12100
CVE-2020-12673
CVE-2020-12674
CWE ID CWE-835
CWE-125
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Dovecot
Server applications / Mail servers

Vendor Dovecot

Security Advisory

1) Infinite loop

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-12100

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in submission, lmtp, and lda when processing e-mail message with deeply nested MIME parts. A remote attacker can send a specially crafted email to consume all available system resources and cause denial of service conditions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Dovecot: 2.3.0, 2.3.0.1, 2.3.1, 2.3.2, 2.3.2.1, 2.3.3, 2.3.4, 2.3.4.1, 2.3.5, 2.3.5.1, 2.3.5.2, 2.3.6, 2.3.7, 2.3.7.1, 2.3.7.2, 2.3.8, 2.3.9, 2.3.9.1, 2.3.9.2, 2.3.9.3, 2.3.10, 2.3.10.1, 2.3.11, 2.3.11.2

CPE External links

https://dovecot.org/pipermail/dovecot-news/2020-August/000441.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-12673

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when processing NTLM requests. A remote attacker can send a specially formatted NTLM reques, trigger out-of-bounds read error and crash the auth service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Dovecot: 2.3.0, 2.3.0.1, 2.3.1, 2.3.2, 2.3.2.1, 2.3.3, 2.3.4, 2.3.4.1, 2.3.5, 2.3.5.1, 2.3.5.2, 2.3.6, 2.3.7, 2.3.7.1, 2.3.7.2, 2.3.8, 2.3.9, 2.3.9.1, 2.3.9.2, 2.3.9.3, 2.3.10, 2.3.10.1, 2.3.11, 2.3.11.2

CPE External links

https://dovecot.org/pipermail/dovecot-news/2020-August/000442.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-12674

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in RPA requests. A remote attacker can send a specially formatted 0-lenght RPA request and crash the auth service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Dovecot: 2.3.0, 2.3.0.1, 2.3.1, 2.3.2, 2.3.2.1, 2.3.3, 2.3.4, 2.3.4.1, 2.3.5, 2.3.5.1, 2.3.5.2, 2.3.6, 2.3.7, 2.3.7.1, 2.3.7.2, 2.3.8, 2.3.9, 2.3.9.1, 2.3.9.2, 2.3.9.3, 2.3.10, 2.3.10.1, 2.3.11, 2.3.11.2

CPE External links

https://dovecot.org/pipermail/dovecot-news/2020-August/000443.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###