Vulnerabilities > CVE-2019-11499
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 | |
| OS | 2 | |
| OS | 2 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2019-9E004DECEA.NASL description dovecot updated to 2.3.6, includes several security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125910 published 2019-06-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125910 title Fedora 30 : 1:dovecot (2019-9e004decea) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-9e004decea. # include("compat.inc"); if (description) { script_id(125910); script_version("1.3"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2019-11494", "CVE-2019-11499", "CVE-2019-3814", "CVE-2019-7524"); script_xref(name:"FEDORA", value:"2019-9e004decea"); script_name(english:"Fedora 30 : 1:dovecot (2019-9e004decea)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "dovecot updated to 2.3.6, includes several security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-9e004decea" ); script_set_attribute( attribute:"solution", value:"Update the affected 1:dovecot package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:dovecot"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/27"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"dovecot-2.3.6-3.fc30", epoch:"1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:dovecot"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_3F98CCB36B8A11E99B5CA4BADB296695.NASL description Aki Tuomi reports : Submission-login crashes with signal 11 due to NULL pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attacker(s). Aki Tuomi reports : Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent. This can lead to denial-of-service attack by persistent attacker(s). last seen 2020-06-01 modified 2020-06-02 plugin id 124429 published 2019-05-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124429 title FreeBSD : Dovecot -- Multiple vulnerabilities (3f98ccb3-6b8a-11e9-9b5c-a4badb296695) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3961-1.NASL description It was discovered that the Dovecot Submission login service incorrectly handled certain operations. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124457 published 2019-05-01 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124457 title Ubuntu 18.10 / 19.04 : dovecot vulnerabilities (USN-3961-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1146.NASL description According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.(CVE-2019-11494) - In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.(CVE-2019-11499) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2020-02-25 plugin id 133980 published 2020-02-25 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133980 title EulerOS 2.0 SP8 : dovecot (EulerOS-SA-2020-1146) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2281.NASL description This update for dovecot23 fixes the following issues : - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). - CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). This update was imported from the SUSE:SLE-15-SP1:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 129709 published 2019-10-08 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129709 title openSUSE Security Update : dovecot23 (openSUSE-2019-2281) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2514-1.NASL description This update for dovecot23 fixes the following issues : CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129554 published 2019-10-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129554 title SUSE SLES15 Security Update : dovecot23 (SUSE-SU-2019:2514-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2278.NASL description This update for dovecot23 fixes the following issue : - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). - CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 129706 published 2019-10-08 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129706 title openSUSE Security Update : dovecot23 (openSUSE-2019-2278)
References
- https://www.dovecot.org/security.html
- https://www.dovecot.org/download.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/