CVE-2019-3814 – dovecot: Improper certificate validation
https://notcve.org/view.php?id=CVE-2019-3814
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Se ha descubierto que Dovecot, en versiones anteriores a la 2.2.36.1 y 2.3.4.1, gestiona de manera incorrecta los certificados del cliente. Un atacante remoto en posesión de un certificado válido con un campo "username" vacío podría emplear este problema para suplantar a otros usuarios. It was discovered that Dovecot incorrectly handled client certificates. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html https://access.redhat.com/errata/RHSA-2019:3467 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3814 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS https://security.gentoo.org/glsa/201904-19 https://www.dovecot.org/list/dovecot/2019-Feb • CWE-295: Improper Certificate Validation •
CVE-2017-15130
https://notcve.org/view.php?id=CVE-2017-15130
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart. Se ha descubierto un error de denegación de servicio (DoS) en dovecot en versiones anteriores a la 2.2.34. Un atacante que pueda generar nombres aleatorios del servidor SNI podría explotar las búsquedas de configuración TLS SNI, lo que conduce a un uso excesivo de memoria y al reinicio del proceso. • http://seclists.org/oss-sec/2018/q1/205 https://bugzilla.redhat.com/show_bug.cgi?id=1532356 https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html https://usn.ubuntu.com/3587-1 https://usn.ubuntu.com/3587-2 https://www.debian.org/security/2018/dsa-4130 https://www.dovecot.org/list/dovecot-news/2018-February/000370.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-14461
https://notcve.org/view.php?id=CVE-2017-14461
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. Un email especialmente manipulado enviado mediante SMTP y pasado a Dovecot, de MTA, puede desencadenar una lectura fuera de límites que resulta en la posible revelación de información sensible y una denegación de servicio (DoS). Para desencadenar esta vulnerabilidad, un atacantes necesita enviar un mensaje de email especialmente manipulado al servidor. • http://www.securityfocus.com/bid/103201 https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510 https://usn.ubuntu.com/3587-1 https://usn.ubuntu.com/3587-2 https://www.debian.org/security/2018/dsa-4130 https://www.dovecot.org/list/dovecot-news/2018-February/000370.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-15132
https://notcve.org/view.php?id=CVE-2017-15132
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion. Se ha detectado un fallo en dovecot desde la versión 2.0 hasta la 2.2.33 y 2.3.0. El aborto de una autenticación SASL resulta en una fuga de memoria en el cliente de autenticación de dovecot utilizado por los procesos de inicio de sesión. • https://bugzilla.redhat.com/show_bug.cgi?id=1532768 https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html https://usn.ubuntu.com/3556-1 https://usn.ubuntu.com/3556-2 https://www.debian.org/security/2018/dsa-4130 https://www.dovecot.org/list/dovecot-news/2018-February/000370.html • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-2669
https://notcve.org/view.php?id=CVE-2017-2669
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang. Dovecot en versiones anteriores a la 2.2.29 es vulnerable a una denegación de servicio (DoS). Cuando se emplearon los "dict" passdb y userdb para la autenticación de usuarios, el nombre de usuario enviado por el cliente IMAP/POP3 se envió mediante var_expand() para realizar la expansión de %variable. • http://www.openwall.com/lists/oss-security/2017/04/11/1 http://www.securityfocus.com/bid/97536 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2669 https://dovecot.org/pipermail/dovecot-news/2017-April/000341.html https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735.patch https://www.debian.org/security/2017/dsa-3828 • CWE-20: Improper Input Validation •