Vulnerabilities > CVE-2019-11494 - NULL Pointer Dereference vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

nessus

NVD

Published: 2019-05-08

Updated: 2023-11-07

Summary

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

Vulnerable Configurations

Part	Description	Count
Application	Dovecot Dovecot Dovecot 2.3.3 Dovecot Dovecot 2.3.4 Dovecot Dovecot 2.3.4.1 Dovecot Dovecot 2.3.5 Dovecot Dovecot 2.3.5.1 Dovecot Dovecot 2.3.5.2	7
OS	Fedoraproject Fedoraproject Fedora 29 Fedoraproject Fedora 30	2
OS	Opensuse Opensuse Leap 15.0 Opensuse Leap 15.1	2

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-9E004DECEA.NASL
description	dovecot updated to 2.3.6, includes several security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	125910
published	2019-06-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125910
title	Fedora 30 : 1:dovecot (2019-9e004decea)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-9e004decea. # include("compat.inc"); if (description) { script_id(125910); script_version("1.3"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2019-11494", "CVE-2019-11499", "CVE-2019-3814", "CVE-2019-7524"); script_xref(name:"FEDORA", value:"2019-9e004decea"); script_name(english:"Fedora 30 : 1:dovecot (2019-9e004decea)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "dovecot updated to 2.3.6, includes several security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-9e004decea" ); script_set_attribute( attribute:"solution", value:"Update the affected 1:dovecot package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:dovecot"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/27"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"dovecot-2.3.6-3.fc30", epoch:"1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:dovecot"); }

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_3F98CCB36B8A11E99B5CA4BADB296695.NASL
description	Aki Tuomi reports : Submission-login crashes with signal 11 due to NULL pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attacker(s). Aki Tuomi reports : Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent. This can lead to denial-of-service attack by persistent attacker(s).
last seen	2020-06-01
modified	2020-06-02
plugin id	124429
published	2019-05-01
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124429
title	FreeBSD : Dovecot -- Multiple vulnerabilities (3f98ccb3-6b8a-11e9-9b5c-a4badb296695)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3961-1.NASL
description	It was discovered that the Dovecot Submission login service incorrectly handled certain operations. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124457
published	2019-05-01
reporter	Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124457
title	Ubuntu 18.10 / 19.04 : dovecot vulnerabilities (USN-3961-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1146.NASL
description	According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.(CVE-2019-11494) - In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.(CVE-2019-11499) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-03
modified	2020-02-25
plugin id	133980
published	2020-02-25
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133980
title	EulerOS 2.0 SP8 : dovecot (EulerOS-SA-2020-1146)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2281.NASL
description	This update for dovecot23 fixes the following issues : - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). - CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). This update was imported from the SUSE:SLE-15-SP1:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	129709
published	2019-10-08
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129709
title	openSUSE Security Update : dovecot23 (openSUSE-2019-2281)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2514-1.NASL
description	This update for dovecot23 fixes the following issues : CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	129554
published	2019-10-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129554
title	SUSE SLES15 Security Update : dovecot23 (SUSE-SU-2019:2514-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2278.NASL
description	This update for dovecot23 fixes the following issue : - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). - CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	129706
published	2019-10-08
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129706
title	openSUSE Security Update : dovecot23 (openSUSE-2019-2278)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References