Vulnerabilities > CVE-2017-15132 - Missing Release of Resource after Effective Lifetime vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

nessus

NVD

Published: 2018-01-25

Updated: 2024-11-21

Summary

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.

Vulnerable Configurations

Part	Description	Count
Application	Dovecot Dovecot Dovecot 2.0.0 Dovecot Dovecot 2.0.1 Dovecot Dovecot 2.0.2 Dovecot Dovecot 2.0.3 Dovecot Dovecot 2.0.4 Dovecot Dovecot 2.0.5 Dovecot Dovecot 2.0.6 Dovecot Dovecot 2.0.7 Dovecot Dovecot 2.0.8 Dovecot Dovecot 2.0.9 Dovecot Dovecot 2.0.10 Dovecot Dovecot 2.0.11 Dovecot Dovecot 2.0.12 Dovecot Dovecot 2.0.13 Dovecot Dovecot 2.0.14 Dovecot Dovecot 2.0.15 Dovecot Dovecot 2.1 Dovecot Dovecot 2.1.0 Dovecot Dovecot 2.1.1 Dovecot Dovecot 2.1.2 Dovecot Dovecot 2.1.3 Dovecot Dovecot 2.1.4 Dovecot Dovecot 2.1.5 Dovecot Dovecot 2.1.6 Dovecot Dovecot 2.1.7 Dovecot Dovecot 2.1.8 Dovecot Dovecot 2.1.9 Dovecot Dovecot 2.1.10 Dovecot Dovecot 2.1.11 Dovecot Dovecot 2.1.12 Dovecot Dovecot 2.1.13 Dovecot Dovecot 2.1.14 Dovecot Dovecot 2.1.15 Dovecot Dovecot 2.1.16 Dovecot Dovecot 2.1.17 Dovecot Dovecot 2.2 Dovecot Dovecot 2.2.0 Dovecot Dovecot 2.2.1 Dovecot Dovecot 2.2.2 Dovecot Dovecot 2.2.3 Dovecot Dovecot 2.2.4 Dovecot Dovecot 2.2.5 Dovecot Dovecot 2.2.6 Dovecot Dovecot 2.2.7 Dovecot Dovecot 2.2.8 Dovecot Dovecot 2.2.9 Dovecot Dovecot 2.2.10 Dovecot Dovecot 2.2.11 Dovecot Dovecot 2.2.12 Dovecot Dovecot 2.2.13 Dovecot Dovecot 2.2.14 Dovecot Dovecot 2.2.15 Dovecot Dovecot 2.2.16 Dovecot Dovecot 2.2.17 Dovecot Dovecot 2.2.18 Dovecot Dovecot 2.2.19 Dovecot Dovecot 2.2.20 Dovecot Dovecot 2.2.21 Dovecot Dovecot 2.2.21.1 Dovecot Dovecot 2.2.21.2 Dovecot Dovecot 2.2.21.2.2 Dovecot Dovecot 2.2.22 Dovecot Dovecot 2.2.23 Dovecot Dovecot 2.2.23.1 Dovecot Dovecot 2.2.24 Dovecot Dovecot 2.2.24.1 Dovecot Dovecot 2.2.24.2 Dovecot Dovecot 2.2.25 Dovecot Dovecot 2.2.25.1 Dovecot Dovecot 2.2.25.2 Dovecot Dovecot 2.2.25.3 Dovecot Dovecot 2.2.25.4 Dovecot Dovecot 2.2.25.4.2 Dovecot Dovecot 2.2.26 Dovecot Dovecot 2.2.26.0 Dovecot Dovecot 2.2.27 Dovecot Dovecot 2.2.28 Dovecot Dovecot 2.2.29 Dovecot Dovecot 2.2.29.1 Dovecot Dovecot 2.2.30 Dovecot Dovecot 2.2.30.1 Dovecot Dovecot 2.2.30.2 Dovecot Dovecot 2.2.31 Dovecot Dovecot 2.2.32 Dovecot Dovecot 2.2.33 Dovecot Dovecot 2.3.0	154
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 7.0 Debian Debian Linux 9.0	3
OS	Canonical Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 17.10	4

Common Weakness Enumeration (CWE)

CWE-772 - Missing Release of Resource after Effective Lifetime

Common Attack Pattern Enumeration and Classification (CAPEC)

HTTP DoS
An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-0466-1.NASL
description	This update for dovecot22 fixes one issue. This security issue was fixed : - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot
last seen	2020-06-01
modified	2020-06-02
plugin id	106899
published	2018-02-20
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106899
title	SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2018:0466-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:0466-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(106899); script_version("3.4"); script_cvs_date("Date: 2019/09/10 13:51:47"); script_cve_id("CVE-2017-15132"); script_name(english:"SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2018:0466-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for dovecot22 fixes one issue. This security issue was fixed : - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion (bsc#1075608). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1075608" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-15132/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20180466-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?54800102" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-321=1 SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-321=1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-321=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-321=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-321=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-backend-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-backend-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-backend-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-backend-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-backend-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-backend-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/25"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(2\|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-backend-mysql-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-backend-mysql-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-backend-pgsql-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-backend-pgsql-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-backend-sqlite-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-backend-sqlite-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-debugsource-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-backend-mysql-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-backend-mysql-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-backend-pgsql-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-backend-pgsql-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-backend-sqlite-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-backend-sqlite-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-debugsource-2.2.31-19.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot22"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1056.NASL
description	According to the version of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot
last seen	2020-05-06
modified	2018-03-20
plugin id	108460
published	2018-03-20
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108460
title	EulerOS 2.0 SP1 : dovecot (EulerOS-SA-2018-1056)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(108460); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2017-15132" ); script_name(english:"EulerOS 2.0 SP1 : dovecot (EulerOS-SA-2018-1056)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.(CVE-2017-15132) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1056 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?29aafce4"); script_set_attribute(attribute:"solution", value: "Update the affected dovecot package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot-pigeonhole"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["dovecot-2.2.10-5.h2", "dovecot-mysql-2.2.10-5.h2", "dovecot-pgsql-2.2.10-5.h2", "dovecot-pigeonhole-2.2.10-5.h2"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-189.NASL
description	This update for dovecot22 fixes one issue. This security issue was fixed : - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot
last seen	2020-06-05
modified	2018-02-21
plugin id	106921
published	2018-02-21
reporter	This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/106921
title	openSUSE Security Update : dovecot22 (openSUSE-2018-189)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-189. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(106921); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-15132"); script_name(english:"openSUSE Security Update : dovecot22 (openSUSE-2018-189)"); script_summary(english:"Check for the openSUSE-2018-189 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for dovecot22 fixes one issue. This security issue was fixed : - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion (bsc#1075608). This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075608" ); script_set_attribute( attribute:"solution", value:"Update the affected dovecot22 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-backend-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-backend-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-backend-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-backend-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-backend-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-backend-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-lucene"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-lucene-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-solr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-solr-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-squat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-squat-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-backend-mysql-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-backend-mysql-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-backend-pgsql-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-backend-pgsql-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-backend-sqlite-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-backend-sqlite-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-debugsource-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-devel-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-lucene-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-lucene-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-solr-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-solr-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-squat-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-squat-debuginfo-2.2.31-2.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot22 / dovecot22-backend-mysql / etc"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1057.NASL
description	According to the version of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot
last seen	2020-05-06
modified	2018-03-20
plugin id	108461
published	2018-03-20
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108461
title	EulerOS 2.0 SP2 : dovecot (EulerOS-SA-2018-1057)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(108461); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2017-15132" ); script_name(english:"EulerOS 2.0 SP2 : dovecot (EulerOS-SA-2018-1057)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.(CVE-2017-15132) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1057 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11eae11a"); script_set_attribute(attribute:"solution", value: "Update the affected dovecot package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot-pigeonhole"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["dovecot-2.2.10-5.h1", "dovecot-mysql-2.2.10-5.h1", "dovecot-pgsql-2.2.10-5.h1", "dovecot-pigeonhole-2.2.10-5.h1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3556-1.NASL
description	It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	106582
published	2018-02-02
reporter	Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106582
title	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : dovecot vulnerability (USN-3556-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3556-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(106582); script_version("3.6"); script_cvs_date("Date: 2019/09/18 12:31:48"); script_cve_id("CVE-2017-15132"); script_xref(name:"USN", value:"3556-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : dovecot vulnerability (USN-3556-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3556-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected dovecot-core package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-core"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/25"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04\|16\.04\|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"dovecot-core", pkgver:"1:2.2.9-1ubuntu2.3")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"dovecot-core", pkgver:"1:2.2.22-1ubuntu2.6")) flag++; if (ubuntu_check(osver:"17.10", pkgname:"dovecot-core", pkgver:"1:2.2.27-3ubuntu1.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot-core"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4130.NASL
description	Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and
last seen	2020-06-01
modified	2020-06-02
plugin id	107122
published	2018-03-05
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107122
title	Debian DSA-4130-1 : dovecot - security update
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4130. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(107122); script_version("3.4"); script_cvs_date("Date: 2018/11/13 12:30:46"); script_cve_id("CVE-2017-14461", "CVE-2017-15130", "CVE-2017-15132"); script_xref(name:"DSA", value:"4130"); script_name(english:"Debian DSA-4130-1 : dovecot - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that Dovecot does not properly parse invalid email addresses, which may cause a crash or leak memory contents to an attacker. - CVE-2017-15130 It was discovered that TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted, resulting in a denial of service. Only Dovecot configurations containing local_name { } or local { } configuration blocks are affected. - CVE-2017-15132 It was discovered that Dovecot contains a memory leak flaw in the login process on aborted SASL authentication." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888432" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891819" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891820" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-14461" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-15130" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-15132" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/dovecot" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/dovecot" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/dovecot" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2018/dsa-4130" ); script_set_attribute( attribute:"solution", value: "Upgrade the dovecot packages. For the oldstable distribution (jessie), these problems have been fixed in version 1:2.2.13-12~deb8u4. For the stable distribution (stretch), these problems have been fixed in version 1:2.2.27-3+deb9u2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"dovecot-core", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-dbg", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-dev", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-gssapi", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-imapd", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-ldap", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-lmtpd", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-lucene", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-managesieved", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-mysql", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-pgsql", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-pop3d", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-sieve", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-solr", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-sqlite", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-core", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-dbg", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-dev", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-gssapi", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-imapd", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-ldap", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-lmtpd", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-lucene", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-managesieved", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-mysql", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-pgsql", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-pop3d", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-sieve", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-solr", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-sqlite", reference:"1:2.2.27-3+deb9u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1333.NASL
description	Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and
last seen	2020-03-17
modified	2018-04-02
plugin id	108767
published	2018-04-02
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108767
title	Debian DLA-1333-1 : dovecot security update
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1333-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(108767); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2017-14461", "CVE-2017-15130", "CVE-2017-15132"); script_name(english:"Debian DLA-1333-1 : dovecot security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that Dovecot does not properly parse invalid email addresses, which may cause a crash or leak memory contents to an attacker. CVE-2017-15130 It was discovered that TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted, resulting in a denial of service. Only Dovecot configurations containing local_name { } or local { } configuration blocks are affected. CVE-2017-15132 It was discovered that Dovecot contains a memory leak flaw in the login process on aborted SASL authentication. For Debian 7 'Wheezy', these problems have been fixed in version 1:2.1.7-7+deb7u2. We recommend that you upgrade your dovecot packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/dovecot" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-gssapi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-imapd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-lmtpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-managesieved"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-pop3d"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-sieve"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-solr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"dovecot-common", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-core", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-dbg", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-dev", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-gssapi", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-imapd", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-ldap", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-lmtpd", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-managesieved", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-mysql", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-pgsql", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-pop3d", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-sieve", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-solr", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-sqlite", reference:"1:2.1.7-7+deb7u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_92B8B284A3A241B1956CF9CF8B74F500.NASL
description	Pedro Sampaio reports : A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. A abort of SASL authentication results in a memory leak in Dovecot auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.
last seen	2020-06-01
modified	2020-06-02
plugin id	106426
published	2018-01-29
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106426
title	FreeBSD : dovecot -- abort of SASL authentication results in a memory leak (92b8b284-a3a2-41b1-956c-f9cf8b74f500)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(106426); script_version("1.6"); script_cvs_date("Date: 2018/11/10 11:49:47"); script_cve_id("CVE-2017-15132"); script_name(english:"FreeBSD : dovecot -- abort of SASL authentication results in a memory leak (92b8b284-a3a2-41b1-956c-f9cf8b74f500)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Pedro Sampaio reports : A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. A abort of SASL authentication results in a memory leak in Dovecot auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1532768" ); # https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?19f4bee9" ); # https://vuxml.freebsd.org/freebsd/92b8b284-a3a2-41b1-956c-f9cf8b74f500.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?add8d437" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:dovecot"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/09"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"dovecot>2.0<=2.2.33.2_3")) flag++; if (pkg_test(save_report:TRUE, pkg:"dovecot>=2.3<=2.3.0")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References