Vulnerabilities > CVE-2017-15132 - Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- HTTP DoS An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0466-1.NASL description This update for dovecot22 fixes one issue. This security issue was fixed : - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot last seen 2020-06-01 modified 2020-06-02 plugin id 106899 published 2018-02-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106899 title SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2018:0466-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:0466-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(106899); script_version("3.4"); script_cvs_date("Date: 2019/09/10 13:51:47"); script_cve_id("CVE-2017-15132"); script_name(english:"SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2018:0466-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for dovecot22 fixes one issue. This security issue was fixed : - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion (bsc#1075608). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1075608" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-15132/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20180466-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?54800102" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-321=1 SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-321=1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-321=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-321=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-321=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-backend-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-backend-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-backend-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-backend-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-backend-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-backend-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dovecot22-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/25"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-backend-mysql-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-backend-mysql-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-backend-pgsql-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-backend-pgsql-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-backend-sqlite-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-backend-sqlite-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"dovecot22-debugsource-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-backend-mysql-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-backend-mysql-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-backend-pgsql-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-backend-pgsql-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-backend-sqlite-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-backend-sqlite-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-debuginfo-2.2.31-19.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"dovecot22-debugsource-2.2.31-19.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot22"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1056.NASL description According to the version of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot last seen 2020-05-06 modified 2018-03-20 plugin id 108460 published 2018-03-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108460 title EulerOS 2.0 SP1 : dovecot (EulerOS-SA-2018-1056) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(108460); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2017-15132" ); script_name(english:"EulerOS 2.0 SP1 : dovecot (EulerOS-SA-2018-1056)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.(CVE-2017-15132) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1056 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?29aafce4"); script_set_attribute(attribute:"solution", value: "Update the affected dovecot package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot-pigeonhole"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["dovecot-2.2.10-5.h2", "dovecot-mysql-2.2.10-5.h2", "dovecot-pgsql-2.2.10-5.h2", "dovecot-pigeonhole-2.2.10-5.h2"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-189.NASL description This update for dovecot22 fixes one issue. This security issue was fixed : - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot last seen 2020-06-05 modified 2018-02-21 plugin id 106921 published 2018-02-21 reporter This script is Copyright (C) 2018-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/106921 title openSUSE Security Update : dovecot22 (openSUSE-2018-189) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-189. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(106921); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-15132"); script_name(english:"openSUSE Security Update : dovecot22 (openSUSE-2018-189)"); script_summary(english:"Check for the openSUSE-2018-189 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for dovecot22 fixes one issue. This security issue was fixed : - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion (bsc#1075608). This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075608" ); script_set_attribute( attribute:"solution", value:"Update the affected dovecot22 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-backend-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-backend-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-backend-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-backend-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-backend-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-backend-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-lucene"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-lucene-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-solr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-solr-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-squat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot22-fts-squat-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-backend-mysql-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-backend-mysql-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-backend-pgsql-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-backend-pgsql-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-backend-sqlite-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-backend-sqlite-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-debugsource-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-devel-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-lucene-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-lucene-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-solr-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-solr-debuginfo-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-squat-2.2.31-2.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dovecot22-fts-squat-debuginfo-2.2.31-2.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot22 / dovecot22-backend-mysql / etc"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1057.NASL description According to the version of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot last seen 2020-05-06 modified 2018-03-20 plugin id 108461 published 2018-03-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108461 title EulerOS 2.0 SP2 : dovecot (EulerOS-SA-2018-1057) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(108461); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2017-15132" ); script_name(english:"EulerOS 2.0 SP2 : dovecot (EulerOS-SA-2018-1057)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.(CVE-2017-15132) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1057 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11eae11a"); script_set_attribute(attribute:"solution", value: "Update the affected dovecot package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dovecot-pigeonhole"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["dovecot-2.2.10-5.h1", "dovecot-mysql-2.2.10-5.h1", "dovecot-pgsql-2.2.10-5.h1", "dovecot-pigeonhole-2.2.10-5.h1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3556-1.NASL description It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 106582 published 2018-02-02 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106582 title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : dovecot vulnerability (USN-3556-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3556-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(106582); script_version("3.6"); script_cvs_date("Date: 2019/09/18 12:31:48"); script_cve_id("CVE-2017-15132"); script_xref(name:"USN", value:"3556-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : dovecot vulnerability (USN-3556-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3556-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected dovecot-core package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-core"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/25"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"dovecot-core", pkgver:"1:2.2.9-1ubuntu2.3")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"dovecot-core", pkgver:"1:2.2.22-1ubuntu2.6")) flag++; if (ubuntu_check(osver:"17.10", pkgname:"dovecot-core", pkgver:"1:2.2.27-3ubuntu1.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot-core"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4130.NASL description Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and last seen 2020-06-01 modified 2020-06-02 plugin id 107122 published 2018-03-05 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107122 title Debian DSA-4130-1 : dovecot - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4130. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(107122); script_version("3.4"); script_cvs_date("Date: 2018/11/13 12:30:46"); script_cve_id("CVE-2017-14461", "CVE-2017-15130", "CVE-2017-15132"); script_xref(name:"DSA", value:"4130"); script_name(english:"Debian DSA-4130-1 : dovecot - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that Dovecot does not properly parse invalid email addresses, which may cause a crash or leak memory contents to an attacker. - CVE-2017-15130 It was discovered that TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted, resulting in a denial of service. Only Dovecot configurations containing local_name { } or local { } configuration blocks are affected. - CVE-2017-15132 It was discovered that Dovecot contains a memory leak flaw in the login process on aborted SASL authentication." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888432" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891819" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891820" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-14461" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-15130" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-15132" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/dovecot" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/dovecot" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/dovecot" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2018/dsa-4130" ); script_set_attribute( attribute:"solution", value: "Upgrade the dovecot packages. For the oldstable distribution (jessie), these problems have been fixed in version 1:2.2.13-12~deb8u4. For the stable distribution (stretch), these problems have been fixed in version 1:2.2.27-3+deb9u2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"dovecot-core", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-dbg", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-dev", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-gssapi", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-imapd", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-ldap", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-lmtpd", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-lucene", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-managesieved", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-mysql", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-pgsql", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-pop3d", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-sieve", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-solr", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"8.0", prefix:"dovecot-sqlite", reference:"1:2.2.13-12~deb8u4")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-core", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-dbg", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-dev", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-gssapi", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-imapd", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-ldap", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-lmtpd", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-lucene", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-managesieved", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-mysql", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-pgsql", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-pop3d", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-sieve", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-solr", reference:"1:2.2.27-3+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"dovecot-sqlite", reference:"1:2.2.27-3+deb9u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1333.NASL description Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and last seen 2020-03-17 modified 2018-04-02 plugin id 108767 published 2018-04-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108767 title Debian DLA-1333-1 : dovecot security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1333-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(108767); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2017-14461", "CVE-2017-15130", "CVE-2017-15132"); script_name(english:"Debian DLA-1333-1 : dovecot security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that Dovecot does not properly parse invalid email addresses, which may cause a crash or leak memory contents to an attacker. CVE-2017-15130 It was discovered that TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted, resulting in a denial of service. Only Dovecot configurations containing local_name { } or local { } configuration blocks are affected. CVE-2017-15132 It was discovered that Dovecot contains a memory leak flaw in the login process on aborted SASL authentication. For Debian 7 'Wheezy', these problems have been fixed in version 1:2.1.7-7+deb7u2. We recommend that you upgrade your dovecot packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/dovecot" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-gssapi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-imapd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-lmtpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-managesieved"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-pop3d"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-sieve"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-solr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot-sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"dovecot-common", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-core", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-dbg", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-dev", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-gssapi", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-imapd", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-ldap", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-lmtpd", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-managesieved", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-mysql", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-pgsql", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-pop3d", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-sieve", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-solr", reference:"1:2.1.7-7+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"dovecot-sqlite", reference:"1:2.1.7-7+deb7u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_92B8B284A3A241B1956CF9CF8B74F500.NASL description Pedro Sampaio reports : A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. A abort of SASL authentication results in a memory leak in Dovecot auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion. last seen 2020-06-01 modified 2020-06-02 plugin id 106426 published 2018-01-29 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106426 title FreeBSD : dovecot -- abort of SASL authentication results in a memory leak (92b8b284-a3a2-41b1-956c-f9cf8b74f500) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(106426); script_version("1.6"); script_cvs_date("Date: 2018/11/10 11:49:47"); script_cve_id("CVE-2017-15132"); script_name(english:"FreeBSD : dovecot -- abort of SASL authentication results in a memory leak (92b8b284-a3a2-41b1-956c-f9cf8b74f500)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Pedro Sampaio reports : A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. A abort of SASL authentication results in a memory leak in Dovecot auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1532768" ); # https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?19f4bee9" ); # https://vuxml.freebsd.org/freebsd/92b8b284-a3a2-41b1-956c-f9cf8b74f500.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?add8d437" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:dovecot"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/09"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"dovecot>2.0<=2.2.33.2_3")) flag++; if (pkg_test(save_report:TRUE, pkg:"dovecot>=2.3<=2.3.0")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1532768
- https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch
- https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html
- https://usn.ubuntu.com/3556-1/
- https://usn.ubuntu.com/3556-2/
- https://www.debian.org/security/2018/dsa-4130
- https://www.dovecot.org/list/dovecot-news/2018-February/000370.html