Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.1763 Dovecot -- Multiple vulnerabilities 19 May 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: dovecot Publisher: FreeBSD Operating System: FreeBSD Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-10967 CVE-2020-10958 CVE-2020-10957 Reference: ESB-2020.1762 Original Bulletin: http://www.vuxml.org/freebsd/37d106a8-15a4-483e-8247-fcb68b16eaf8.html - --------------------------BEGIN INCLUDED TEXT-------------------- Dovecot -- Multiple vulnerabilities Affected packages dovecot < 2.3.10.1 Details VuXML ID 37d106a8-15a4-483e-8247-fcb68b16eaf8 Discovery 2020-04-02 Entry 2020-05-18 Aki Tuomi reports: Vulnerability Details: Sending malformed NOOP command causes crash in submission, submission-login or lmtp service. Risk: Remote attacker can keep submission-login service down, causing denial of service attack. For lmtp the risk is neglible, as lmtp is usually behind a trusted MTA. Steps to reproduce: Send ``NOOP EE"FY`` to submission port, or similarly malformed command. Vulnerability Details: Sending command followed by sufficient number of newlines triggers a use-after-free bug that might crash submission-login, submission or lmtp service. Risk: Remote attacker can keep submission-login service down, causing denial of service attack. For lmtp the risk is neglible, as lmtp is usually behind a trusted MTA. Steps to reproduce: This can be currently reproduced with ASAN or Valgrind. Reliable way to crash has not yet been discovered. Vulnerability Details: Sending mail with empty quoted localpart causes submission or lmtp component to crash. Risk: Malicious actor can cause denial of service to mail delivery by repeatedly sending mails with bad sender or recipient address. Steps to reproduce: Send mail with envelope sender or recipient as <""@example.org>. Workaround: For submission there is no workaround, but triggering the bug requires valid credentials. For lmtp, one can implement sufficient filtering on MTA level to prevent mails with such addresses from ending up in LMTP delivery. [source] References CVE Name CVE-2020-10957 CVE Name CVE-2020-10958 CVE Name CVE-2020-10967 URL https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXsMTeONLKJtyKPYoAQjh3BAArf+gS2ik8lNF8Q5C1m4gtfztS1aUxNHO jEke+F9DCBl/LxPJl+ObQWHv/EFA+GkgOg/+YpDdi196MVSO2tFCBwrch/6m/MLK nZ5ZNXAFldPKkiWD3y6625WmeSgsJGTe76PWBGZZ9kNOexozbEn+N/D0R1H4i7sx 3mvEqU3I80+1mTYiHGr8xL4Q5L7XbIhByf1qmYOM2ecP0NQSY6oP2IqXB1IPqn5I gTOOXiFK7/zqEbtmOXPJo5+hQ1TKqGhE1kGLeOEIj3bahAXXiPAwTcHEL6reU5sd BbfKt1IEiKthgH0nfeOynrfz/54y3HTcAYUBp6ilAis7WQTUrbxpmlcoW8Fx0fy7 EMzVVrkngl2K1mYrD0tHEZLTRN5CKH8g4ev674z0k9dG49lCKkhK1QRfB5e+cnsL CZK2pqadON+W8P7HrxtsX6poxfbfITm/Ov5bBETnWEStU4Im4w89ObLQ5RNxKxnH Sthd1KMhPdk3i4b3qCcHMmydAI6psdu9S8opnuoF+RRgSfAwHKuINBnNSFp5Qck/ EshW8SyY0nBB7INO+DG7CQzPZ2bpnxkHu4PonRbs2ZTruSpxpYBpHKfTgstlBNaW ecQNQlnYc/xVRc8mMamyPo+J3onuuXhgz7oVXEpvwO5i+T3M2dPZ15lRvd1zfPI7 Yuq7G9g+2vM= =EJaI -----END PGP SIGNATURE-----