Input validation error in Dovecot - CVE-2011-4318
Published: March 7, 2013 / Updated: August 11, 2020
Vulnerability identifier: #VU43025
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-4318
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dovecot
Affected software:
Dovecot
Dovecot
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
How to mitigate CVE-2011-4318
Install update from vendor's website.
Sources
- http://hg.dovecot.org/dovecot-2.0/rev/5e9eaf63a6b1
- http://rhn.redhat.com/errata/RHSA-2013-0520.html
- http://secunia.com/advisories/46886
- http://secunia.com/advisories/52311
- http://www.dovecot.org/list/dovecot-news/2011-November/000200.html
- http://www.openwall.com/lists/oss-security/2011/11/18/5
- http://www.openwall.com/lists/oss-security/2011/11/18/7
- https://bugs.gentoo.org/show_bug.cgi?id=390887
- https://bugzilla.redhat.com/show_bug.cgi?id=754980